Make the Apache cert:
- cd /etc/httpd/conf/ssl/
- openssl genrsa -out wildcard.com.key 2048
- This generates a 2048-bit key with no password
- openssl req -new -key wildcard.com.key -out wildcard.com.csr
- Make sure your Common Name is: *.wildcard.com
- Leave the challenge password in the extra attributes blank
- Buy the wildcard cert from a certificate authority, using the contents of the wildcard.com.csr file to get your cert. Make sure it shows *.wildcard.com before you buy
- The Certificate authority will provide a zip file with the wildcard.com.crt and any intermediate certs (gd_bundle.crt)
Create the PEM file:
- cat wildcard.com.key > wildcard.com.bundle.pem
- cat wildcard.com.crt >> wildcard.com.bundle.pem
- cat gd_bundle.crt >> wildcard.com.bundle.pem
- You now have a .pem file by the name of wildcard.com.bundle.pem
Create a Windows usable certificate:
- openssl pkcs12 -export -in wildcard.com.bundle.pem -out wildcard.com.bundle.p12 -name "*.wildcard.com"
- NOTE: make sure not to put an export password
- You now have a wildcard.com.bundle.p12 file
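Added example (not part of the original steps): shell checks to run on the files from the first section, ideally before building the bundle. They confirm the CSR carries the expected Common Name, that the key, CSR and issued cert share one public key, and that the password-less key is not readable by group or other. The function names are hypothetical and the permission check is an added assumption about how the key should be stored.

```shell
#!/bin/sh
# Added example: sanity checks for the key, CSR and issued certificate.

# Print the PEM public key carried by a private key, CSR or certificate.
pubkey_of() {  # usage: pubkey_of key|csr|crt FILE
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# True when key, CSR and certificate all carry the same public key.
same_keypair() {  # usage: same_keypair KEY CSR CRT
    k=$(pubkey_of key "$1") && r=$(pubkey_of csr "$2") &&
        c=$(pubkey_of crt "$3") || return 1
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# True when the CSR subject contains exactly CN=<expected>.
csr_has_cn() {  # usage: csr_has_cn CSR EXPECTED_CN
    subj=$(openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null) || return 1
    subj=${subj#subject=}; subj=${subj# }
    case ",$subj," in
        *",CN=$2,"*) return 0 ;;   # quoted, so "*" is matched literally
    esac
    return 1
}

# True when group and other have no permissions on the key file.
# The key has no passphrase, so file mode is its only protection on disk.
key_is_private() {  # usage: key_is_private KEY
    [ -f "$1" ] && [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; returns 0 only when every check passes.
check_wildcard_set() {  # usage: check_wildcard_set KEY CSR CRT EXPECTED_CN
    rc=0
    key_is_private "$1"         || { echo "FAIL: $1 is accessible to group/other"; rc=1; }
    csr_has_cn "$2" "$4"        || { echo "FAIL: CSR Common Name is not $4"; rc=1; }
    same_keypair "$1" "$2" "$3" || { echo "FAIL: key, CSR and cert do not match"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1, $2 and $3 belong together"
    return "$rc"
}
```

Usage: check_wildcard_set wildcard.com.key wildcard.com.csr wildcard.com.crt "*.wildcard.com"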
Import certificate into Windows:
- Log in to Windows as an Administrator
- At the run prompt, type: mmc
- File --> Add/Remove Snap-in
- Choose Certificates --> Local computer
- Go to the Personal --> Certificates directory
- Right click the Certificates directory and choose import
- Import the wildcard.com.bundle.p12 file (you'll need to change the file type selection in the file dialog to see it)
- Mark the Certificate as Exportable
- Use Extended Attributes IF asked
- Once the import is complete, you can now go to your individual IIS sites and use the *.wildcard.com certificate