I assume you want to create a certificate for your website? That’s important to know and critical to how the process works of requesting and generating an SSL certificate.
if you’re creating a certificate for some other purpose, then I guess you can disregard all that follows…
Usually,
First step is to create a CA (Certificate Authority) if you want to set things up as an Enterprise.
How you create your CA will depend largely on what kind of security you’ve deployed for your company and/or LAN, if you’ve installed network security like LDAP or AD, then the members of your Domain will automatically recognize and trust any certificates generated by your CA… Else, the certificates generated by your CA will not be automatically trusted so will have to be manually installed into each Host.
The alternative would be to pay for your certificate to be part of the chain from a commercial CA, certificates from a commercial CA or from CA authorized by a commercial CA are already installed by default in web browsers so are automatically trusted.
After setting up your CA,
Any machine or through an application (like a webserver) can generate a CSR (certificate signing request) for your CA (or commercial CA), and at that time you “fill in the blanks” specifying the things you’re asking about.
The CA grants your request, and then you can install that certificate appropriately (like in your webserver’s website).
If you don’t want to set up a CA and create a self-signed certificate, you still have to do so starting with creating a CSR (certificate signing request) using openssl, and then use openssl again to generate the certificate based on your CSR.
The following looks it describes the process accurately if you’re installing into an apache webserver. If these instructions aren’t clear or you’re running a different webserver, post your details.
https://www.linux.com/learn/creating-self-signed-ssl-certificates-apache-linux
As for creating a wildcard certificate, that is what you specify for the CN.
And, all the attributes you listed (and more) are generally input through the CSR, you’re mistaken that they aren’t all present (some required, some optional).
Remember again that a self-signed certificate won’t be automatically trusted by anyone, so each visitor will need to manually configure your certificate to be trusted.
HTH,
TSU