I need to generate CRS but:
And SSL company need it:
Invalid CSR for wildcard SSL. Common name in CSR should be *.domain.com
Am I missing something?
The csr generator doesnt support wildcard domains, you can either use the domain name without wildcard or use a online csr generator (or create the cert on your own with openssl).
When I create it like this, I get a page with blank crs reguest:
Add an email address, probaly you’re using ubuntu 18.04.
Actually I tried leaving email field empty and it is fine. But ssl auth, does not accept this crs because of invalid common name:
-4007||Unable to process this request. It could be that the Common Name in your CSR does not match the Common Name in the original order, or the format of the Common Name is incorrect, or the Encryption type of your CSR is not RSA nor ECC, or the length of the Key of the CSR is insufficient. Please make sure that the CSR provided coincides with these conditions.
So I try from ssh with this:
openssl req -new -*.domain.com rsa:2048 -nodes -keyout server.key -out server.csr
Any point to pay att. for file paths?
Also if I use online crs generator, how do I get Private Key ?
You are aware, that a self signed ssl certificate isnt trusted by any browser or system?
I am trying to install a paid wildchar ssl to a sub domain. But Hestia does not allow common name field with “*.domain.com” format. But ssl company wants it with that format.
Ah, you try to generate a csr, now it’s clear. Generate it with openssl should not be a problem, just follow any tutorial you’ll find on google: Manually Generate a Certificate Signing Request (CSR) Using OpenSSL - SSL.com
After that, save the private key to a secure place and copy the csr to your ssl issuer.
Ok thank you very much. I used this site: OpenSSL CSR Tool - Create Your CSR Faster | DigiCert.com and all went perfect.
Do you plan to integrate wildchar paid ssl support ?
It’s already possible, just the csr generation is the problem. Not sure if we have any prio for it to fix.
1 Like