今天在家里迁移Paloalto到Checkpoint,有一个地方需要用到证书,于是决定用域控给自己签一个。但是发现很多情况下,泛域名都不好使。在网上搜了半天,发现有一个好使的,记录如下:
openssl req -new -sha256 -nodes -out \star.your-new-domain.com.csr -newkey rsa:2048 -keyout \star.your-new-domain.com.key -config <( cat <<-EOF [req] default_bits = 2048 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C=CN ST=Shenzhen L=Longgang O= OU=Testing Domain emailAddress=your-administrative-address@your-awesome-existing-domain.com CN = www.your-new-domain.com [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = your-new-domain.com DNS.2 = *.your-new-domain.com EOF )