I used make-dummmy-cert that comes with apache 2.2 and ssl_mod to make a self-signed certificate. I tried making it for www.example.com, example.com, or *.example.com, but none of them would work for both www.example.com and example.com. The browser would say The certificate is only valid for example.com (or www.example.com or *.example.com respectively)
How do I make a self-signed cert that would work for both cases?
Best Answer
*.example.com
won't matchexample.com
because the star only matches subdomains ofexample.com
.*.example.com
will however matchwww.example.com
andfoo.example.com
.What I think you need to do if you really want to match both is to create a certificate with multiple
CNsentries in the SubjectAltName, one forexample.com
and one for*.example.com
(orwww.example.com
, if you don't need to match any other subdomains). This link might help: http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_EDIT:
@Bill Weiss is right, I just checked one of the certs I have from GoDaddy and it has both www.example.com and example.com in the SubjectAltName, and both work in the browser. So it sounds like you can get what you need for cheap.
Good luck,
--jed