I needed to create a wildcard SSL certificate and upload it to AWS CloudFront today.
First, generate a 2048-bit private key. This will prompt you for a passphrase:
$ openssl genrsa -des3 -out example.key 2048
Check which signature algorithm was used (SHA-256 is recommended):
$ openssl req -in example.csr -noout -text
Transform the private key to PEM format:
$ openssl rsa -outform PEM -in example.key -out example.pem
Generate a Certificate Signing Request. Note the * in the server FQDN:
$ openssl req -new -key example.key -out example.csr Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Washington Locality Name (eg, city) :Seattle Organization Name (eg, company) [Internet Widgits Pty…continue.