Wild Card SSL

From banana_wiki

Wildcard SSL certificates are great if you run a lot of related subdomains and want to provide SSL security for HTTP transactions. While wildcard certificates are expensive, you can create (self-sign) your own and provide the same amount of security, if not more, for your projects.

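    # Generate a 4096-bit RSA private key
    openssl genrsa 4096 > bfish-wildcard.key
    # Self-sign for 365 days; enter the wildcard name (e.g. *.example.com) as the Common Name when prompted
    openssl req -new -x509 -nodes -sha256 -days 365 -key bfish-wildcard.key > bfish-wildcard.crt
    openssl x509 -noout -fingerprint -text < bfish-wildcard.crt > bfish-wildcard.info
    # Combined certificate + key file (this file contains the private key)
    cat bfish-wildcard.crt bfish-wildcard.key > bfish-wildcard.pem
    mkdir /etc/ssl/bfish-wildcard
    mv bfish-wildcard* /etc/ssl/bfish-wildcard
    # Certificate and info are public; the key and the combined .pem stay owner-only
    chmod 755 /etc/ssl/bfish-wildcard
    chmod 644 /etc/ssl/bfish-wildcard/bfish-wildcard.crt /etc/ssl/bfish-wildcard/bfish-wildcard.info
    chmod 600 /etc/ssl/bfish-wildcard/bfish-wildcard.key /etc/ssl/bfish-wildcard/bfish-wildcard.pem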

Then add the following to the nginx config:

    listen               443 ssl;
    #ssl                  on;
    ssl_certificate      /etc/ssl/bfish-wildcard/bfish-wildcard.pem;
    ssl_certificate_key  /etc/ssl/bfish-wildcard/bfish-wildcard.key;
    ssl_session_timeout  5m;
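
Current browsers match hostnames against the certificate's subjectAltName rather than the Common Name, and a wildcard covers exactly one label. The following is an added example, not part of the original page: it generates the self-signed wildcard certificate non-interactively with a SAN and checks which hostnames it covers. The function names, the `wildcard.*` file names and the `example.test` domain are placeholders, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the original page); names below are hypothetical.

# make_wildcard_cert DOMAIN OUTDIR [BITS]
# Writes OUTDIR/wildcard.key (owner-only) and OUTDIR/wildcard.crt (mode 644).
make_wildcard_cert() {
    domain=$1 outdir=$2 bits=${3:-4096}
    mkdir -p "$outdir" || return 1
    (
        umask 077   # the key is created owner-only, never world-readable
        openssl req -new -x509 -nodes -sha256 -days 365 \
            -newkey "rsa:$bits" -keyout "$outdir/wildcard.key" \
            -subj "/CN=*.$domain" \
            -addext "subjectAltName=DNS:*.$domain,DNS:$domain" \
            -out "$outdir/wildcard.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$outdir/wildcard.crt"
}

# cert_covers CERT HOSTNAME
# Exit status 0 if the certificate is valid for HOSTNAME, non-zero otherwise.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}
```

The bare domain is listed as a second SAN entry because `*.example.test` alone does not cover `example.test`, and no wildcard entry covers a two-level name such as `a.b.example.test`.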