How to create self-signed wildcard SSL certificates for Apache

Create the wildcard SSL certificate

Open up your terminal and execute the below commands, replacing with the domain name

mkdir /etc/ssl/
cd /etc/ssl/
openssl genrsa 2048 > host.key
openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert

For a wildcard cert enter * for Common Name. It’s the 6th option in the dialog. All other options can be left blank for defaults.

openssl x509 -noout -fingerprint -text < host.cert
cat host.cert host.key > host.pem
chmod 400 host.key host.pem
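
The same steps without the interactive dialog, followed by checks on the result, as an added example that is not part of the original post. It also sets a subjectAltName, because current browsers match hostnames against that field rather than the Common Name. The domain example.test, the req.cnf file name and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. DOMAIN and the output directory are constructed placeholders.

# make_wildcard_cert DIR DOMAIN: write host.key and host.cert into DIR.
make_wildcard_cert() (
    dir=$1 domain=$2
    umask 077                         # key is never group/world readable
    mkdir -p "$dir" || exit 1
    # Answers for the req dialog: wildcard CN plus matching subjectAltName.
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = *.$domain
[ext]
subjectAltName = DNS:*.$domain, DNS:$domain
EOF
    openssl genrsa -out "$dir/host.key" 2048 2>/dev/null || exit 1
    openssl req -new -x509 -nodes -sha256 -days 3650 -config "$dir/req.cnf" \
        -key "$dir/host.key" -out "$dir/host.cert" || exit 1
    chmod 400 "$dir/host.key"
)

# sig_alg CERT: print the signature algorithm (expect sha256WithRSAEncryption).
sig_alg() {
    openssl x509 -noout -text -in "$1" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# key_matches_cert KEY CERT: succeed only if both hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# has_san CERT NAME: succeed if NAME is listed as a DNS subjectAltName.
has_san() {
    openssl x509 -noout -text -in "$1" | tr ',' '\n' |
        sed 's/^ *//' | grep -Fxq "DNS:$2"
}
```

Running key_matches_cert before reloading Apache catches a mismatched SSLCertificateFile and SSLCertificateKeyFile pair, which otherwise shows up as a failed start.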


Enable SSL in Apache and restart

sudo a2enmod ssl
sudo service apache2 restart

Virtual hosts

Then add the SSL settings into each VirtualHost in your Apache configuration files

Note: if you are planning to run your sub-domain or domains on http (80) as well as https (443), then you need to have 2 separate VirtualHost entries: 1 for port 80 and 1 for port 443.

For the sub-domains you want to use with https add the below options with the 443 into your existing files

<VirtualHost *:443>   
SSLEngine On
SSLCertificateFile /etc/ssl/
SSLCertificateKeyFile /etc/ssl/

Then reload Apache

sudo service apache2 reload

To test if it's working, open up and check if the certificate works

Justin Kelly



Hi Justin, just followed your post and it was really helpful. One consideration: SHA1 is no longer considered secure by modern browsers (e.g. Chrome), so you should change the command to use SHA256.

openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key > host.cert


openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert

Best Regards

Justin Kelly

Thanks Tommaso!! I’ve now updated this blog post with your update
