# testcert_wildcard.conf
#
# Instructions and configuration for creating a certificate with
# a wildcard name and some extensions to test
#
# Use the commands below to first create a certificate signing request
# and then sign it.
#
# First time only: Create a serial file and private key. The same
# serial and key files can also be used for other test
# certificates. Note: uses current date in initial serial number.
#
# test -e test_CA1.srl || echo 2017121800 | tee test_CA1.srl
# test -e testcert_key_2048.pem || openssl genrsa -out testcert_key_2048.pem 2048
#
# openssl req -new -key testcert_key_2048.pem -text -config testcert_wildcard.conf -out testcert_wildcard.csr.pem
# openssl x509 -req -CA test_CA1.crt.pem -CAkey test_CA1.key.pem -CAserial test_CA1.srl -days 5480 -text -in testcert_wildcard.csr.pem -extfile testcert_wildcard.conf -out testcert_wildcard.crt.pem

basicConstraints=critical,CA:FALSE
extendedKeyUsage=serverAuth,clientAuth
certificatePolicies=1.2.4.5, 1.1.3.4
subjectAltName=@subject_alt_section
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer

[subject_alt_section]
DNS=*.example.com
email=wildcard@example.com
IP.1=10.20.30.40
IP.2=2001:db8:148:100::31

[ req ]
distinguished_name     = req_distinguished_name
prompt                 = no

[ req_distinguished_name ]
C                      = US
ST                     = State
L                      = City
O                      = Company
OU                     = Unit
CN                     = *.example.com
emailAddress           = wildcard@example.com