How to sign a Wildcard SSL with a CSR certificate?

V

Volentin2014-12-14 16:26:46

OpenSSL

Volentin, 2014-12-14 16:26:46

Greetings!
The situation is as follows:
1) There is a certificate purchased from Komodo SSL Wildcard for the domain "*.domain.ru";
2) There is a server with a Web-console (address server.domain.ru), access to which is via HTTPS. You need to install an SSL certificate on it;
3) This server does not allow importing the existing Wildcard certificate "*.domain.ru" along with its key. You can generate a CSR on the server and sign it at the CA;
4) Is it possible to sign the CSR generated by the server with the private key of the Wildcard certificate?
5) Tried to do it with openssl command:

openssl x509 -req -in server.domain.ru.csr -CA wildcard.crt -CAkey wildcard.key -CAcreateserial -out server.domain.ru.crt -days 5000

The CSR was signed, but the certificate turned out to be self-signed (in the hierarchy of certificates, it only has server.domain.ru itself)

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

N

Nikolai Korabelnikov, 2015-01-29
@nmk2002

Generate a new request on the server and reissue the certificate
If you generate a new certificate request, then the meaning of the wildcard certificate disappears.
It is better to understand the reason why you cannot import the existing wildcard certificate to your server.
It is unlikely, because the purpose of the certificate is most likely SSL authentication, and not the signing of certificates. Therefore, you cannot sign other certificates with your key. (well, technically it is possible, which you did, but the chain of trust will not be built).