Copy the default template of openssl.cnf to a writable location.
cp /System/Library/OpenSSL/openssl.cnf src
Uncomment the req_extensions = v3_req line:
req_extensions = v3_req # The extensions to add to a certificate request
Add subjectAltName to the v3_req section:
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
Add the main hostname and the wildcard to a new [alt_names] section
[alt_names]
DNS.1 = yourdomain.com
DNS.2 = *.yourdomain.com
For example, for octodemo.com
[alt_names]
DNS.1 = octodemo.com
DNS.2 = *.octodemo.com
Run the following and fill in all the essential information, especially the CN (Common Name):
openssl genrsa -out hostname.key 2048
openssl rsa -in hostname.key -out hostname-key.pem
openssl req -new -key hostname-key.pem -out hostname-request.csr
openssl x509 -req -extensions v3_req -days 365 -in hostname-request.csr -signkey hostname-key.key -out hostname-cert.pem -extfile <path to openssl.conf>
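To check that the SAN entries really end up in the issued certificate, here is an added example (not part of the original write-up). It uses a minimal constructed config in place of the edited openssl.cnf; the function names make_san_cert and has_san and the host.* / san.cnf file names are assumptions made for this sketch.

```shell
# Added example: build a throwaway self-signed cert with the v3_req / alt_names
# layout shown above, then confirm the SAN entries are in the certificate.
make_san_cert() {
    domain=$1
    dir=$2
    # Minimal config constructed for this example (not the system openssl.cnf);
    # the v3_req and alt_names sections mirror the ones above.
    cat > "$dir/san.cnf" <<EOF
[ req ]
distinguished_name = req_dn
req_extensions = v3_req
prompt = no

[ req_dn ]
CN = $domain

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $domain
DNS.2 = *.$domain
EOF

    openssl genrsa -out "$dir/host.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/host.key" -config "$dir/san.cnf" \
        -out "$dir/host.csr" || return 1
    # x509 -req does not copy extensions from the CSR by default;
    # -extfile/-extensions is what puts subjectAltName into the certificate.
    openssl x509 -req -sha256 -days 365 -in "$dir/host.csr" \
        -signkey "$dir/host.key" -extfile "$dir/san.cnf" \
        -extensions v3_req -out "$dir/host.pem" 2>/dev/null || return 1
    # Print only the SAN value line from the text dump of the certificate.
    openssl x509 -in "$dir/host.pem" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# has_san SAN_LINE NAME: succeeds only if NAME is one of the DNS entries.
has_san() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//' | grep -Fqx "DNS:$2"
}

# Usage: san=$(make_san_cert octodemo.com "$(mktemp -d)")
#        has_san "$san" '*.octodemo.com' && echo "wildcard SAN present"
```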
openssl.conf is in the apache folder by default (under conf) - or you can download the default somewhere and edit it.
This seems to work for me (note I used hostname.key not hostname-key.key - there is only hostname-key.pem and hostname.key) - otherwise you get an error:
I ran this from my apache dir:
openssl x509 -sha256 -req -extensions v3_req -days 365 -in hostname-request.csr -signkey hostname.key -out hostname-cert.pem -extfile ./conf/openssl.cnf