
I need help creating a self-signed wildcard certificate for development purposes. The wildcard certificate can be for IP addresses starting with 192.168.*, which very much covers the IP addresses for a local intranet. I want to use OpenSSL.

Once created, I want to use it in identity servers like WSO2 and PingFederate, as well as a JEE server like Tomcat. An iOS app will be looking up OAuth 2.0 authentication against the identity server.

  • https://serverfault.com/questions/659967/how-to-generate-a-self-signed-ssl-certificate-bound-to-ip-address – Bee Feb 08 '21 at 12:27
  • @Bee: that's not for wildcard. Better: https://security.stackexchange.com/questions/91368/ip-range-in-ssl-subject-alternative-name https://stackoverflow.com/questions/17497581/certificate-subjectalternativename-with-wildcard-ip https://stackoverflow.com/questions/63927377/ip-address-wildcard-in-ssl-tls-certificates (and nowadays SO scope is limited to programming, which this Q is not) – dave_thompson_085 Feb 08 '21 at 22:31

1 Answer


I use this technique to run a real-world developer setup and find SSL trust issues early. I much prefer this to running URLs such as http://localhost:3000 and then running into deployment problems.

This method is not usually suitable for wider distribution to people such as testers, but can be shared between developers in a team, who all follow the same setup steps.

OVERVIEW

Base the setup on a public key infrastructure:

  • Create a Root Certification Authority
  • Define the URLs and domains for which you want TLS to work
  • Add domains to the hosts file on a Developer PC
  • Use the root cert to issue one or more wildcard certs for these domains
  • Configure SSL trust for the root authority in various technology stacks

RESOURCES

See these resources of mine for further details on some development techniques. Again, I would only recommend this for local development environments and not for deployed environments.

Gary Archer
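The overview steps in the answer above (root CA, wildcard certificate, verification against a host name), as an added OpenSSL example that is not code from the answer; the domain `dev.example`, the `dev-pki` directory, the file names and the lifetimes are assumptions. It issues a DNS wildcard, as the answer describes, because IP-address entries in a certificate's subject alternative name hold exact addresses and cannot express a range such as 192.168.*.

```shell
#!/bin/sh
# Development-only PKI: a root CA that issues one wildcard server certificate.
# DOMAIN, OUT, file names and lifetimes are assumptions for illustration.
DOMAIN="${DOMAIN:-dev.example}"   # hosts such as api.dev.example go in the hosts file
OUT="${OUT:-./dev-pki}"

make_dev_pki() {
    mkdir -p "$OUT" || return 1
    cat > "$OUT/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Development Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:*.$DOMAIN,DNS:$DOMAIN
EOF
    # Root CA: key plus self-signed certificate. Only root.crt is shared and trusted.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$OUT/pki.cnf" -extensions v3_ca \
        -keyout "$OUT/root.key" -out "$OUT/root.crt" || return 1
    # Wildcard leaf: key and CSR, then signed by the root with SAN and serverAuth.
    openssl req -new -newkey rsa:2048 -nodes -config "$OUT/pki.cnf" \
        -subj "/CN=*.$DOMAIN" -keyout "$OUT/tls.key" -out "$OUT/tls.csr" || return 1
    openssl x509 -req -in "$OUT/tls.csr" -sha256 -days 365 \
        -CA "$OUT/root.crt" -CAkey "$OUT/root.key" -CAcreateserial \
        -extfile "$OUT/pki.cnf" -extensions v3_leaf -out "$OUT/tls.crt" || return 1
    chmod 600 "$OUT/root.key" "$OUT/tls.key"
}

# Succeeds only if the leaf chains to the root AND its SAN matches the host name.
verify_host() {
    openssl verify -CAfile "$OUT/root.crt" -verify_hostname "$1" "$OUT/tls.crt"
}

# Prints the SAN entries with spaces removed: DNS:*.dev.example,DNS:dev.example
leaf_sans() {
    openssl x509 -in "$OUT/tls.crt" -noout -text | grep 'DNS:' | tr -d ' '
}

make_dev_pki && verify_host "api.$DOMAIN"
```

The wildcard covers a single label, so `verify_host a.b.dev.example` fails while `api.dev.example` passes. Import only `root.crt` into the trust stores of the servers and devices involved; `root.key` stays on the machine that issues certificates.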