On Generating an SSL Wildcard Certificate CSR

Yo, while I have generated a wildcard cert before (more expensive, supports any prefix such as www.itgroove.net, portal.itgroove.net, mail.itgroove.net) it has been a long while and I figured while it may seem obvious after the fact, the scary bit is wanting to make sure you have the CSR (request) format correct before you submit it to a CA and pay them $500+.


The business requirement was the customer wanted to have a single (5 year) certificate to manage, moving forward to collapse the 6 or so individual certs they were keeping track of.

Figure 1: the key is the *


Basically, the trick is, make sure you use an asterisk (*) for the prefix like the above (*.company.com). I had a hard time finding any resources to confirm this was 100% correct (my gut and background told it was, but nothing actually validated it). So here you have it, the validation, for next time…

Figure 2 : RapidSSL confirmed the wildcard format online during purchase


Figure 3: After acquisition, the cert showed the same