How to create your own CA based on a Wildcard certificate?

A

ADOLF88HITLER2016-06-20 21:07:42

OpenSSL

ADOLF88HITLER, 2016-06-20 21:07:42

There is a wildcard certificate issued, for example, by GoDaddy. And the browser perceives domains by *.example.com mask normally. There are also 1000 web servers that should serve *.serverXXX.example.com domains. The problem is that it is unsafe to put the main certificate on each of them (third party) and I would like each of them to issue certificates themselves and, in which case, revoke them.
Is it possible to become an intermediate CA within the example.com domain without buying a bunch of certificates?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

E

Eugene, 2016-06-21
@yellowmew

I wonder why you decided that the certificate for any number of subdomains of your domain could suddenly become an intermediate certificate authority certificate?
In addition, a wildcard certificate is limited only to the first level of subdomains of your domain: name .example.com
Read the theory, at least google what is intermediate ca and what are the requirements for it (and how much does it cost) and what is a wildcard certificate.

C

CityCat4, 2016-06-21
@CityCat4

No.
A wildcard certificate is just a wildcard certificate that verifies a number of subdomains of the domain for which it is issued. It does not give the right to issue certificates .
You either buy a certificate for each, or raise your CA and put the certificate of your CA as the root for everyone.