How to create self signed wildcard SSL certificates for Apache

Create the wildcard SSL certification

Open up your terminal and execute the below commands, replacing with the domain name

mkdir /etc/ssl/
cd /etc/ssl/
openssl genrsa 2048 > host.key
openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert

For a wildcard cert enter * for Common Name. It’s the 6th option in the dialog. All other options can be left blank for defaults

openssl x509 -noout -fingerprint -text < host.cert >
cat host.cert host.key > host.pem
chmod 400 host.key host.pem


Enable SSL in Apache and restart

sudo a2enmod ssl
sudo service apache2 restart

Virtual hosts

Then add the SSL settings into each VirtualHost in your Apache configuration files

Note: that if you are planning to run your sub-domain or domains on http(80) aswell asn http(443) then you need to have 2 separate virtualhost entries. 1 for port 80 and 1 for port 443

For the sub-domains you want to use with https add the below options with the 443 into your existing files

<VirtualHost *:443>   
SSLEngine On
SSLCertificateFile /etc/ssl/
SSLCertificateKeyFile /etc/ssl/

Then reload Apache

sudo service apache2 reload

To test if its working open up and check if the certificate works

Justin Kelly

Justin Kelly

Data Engineeer, Business Analytics, Web Developer, Library Technology specialising in PHP and Tableau

Based in Melbourne, Australia

Feel free to contact me or _justin_kelly