YAST CA Management


I have problem creating server certificate with SubjectAltNames (DNS) begining with “*”
( as opensuse has on their website - CN *.opensuse.org, AltName *.opensuse.org )

Is there some workaround ?


I’ve only ever used openssl to create certificates, and wildcard certificates without a problem.

It depends on your use case.
For self-signed certificates, you can use openssl.
But, often you should submit a request to a CA instead.


Thanks for answer.

You are true. I also found CA Management has not ability use sha256 an other problems. But I’m not so familiar around openssl, I prefer click click click … and certificate authority has ready, click, click, one server has certificate ( i’m sure with self-signed CA ) and so on. Weak of Yast CA lead me to learn something about openssl.

I already create certificate with utf8 ( Podbořany instead Podborany and others ) and sha256. But I’m not sure about Basic Constraints:, X509v3 Key Usage: … etc … openssl crashes when I’m trying implement these to config file
I use

openssl req -new -sha256 -nodes  -utf8 -nameopt multiline,utf8 -out jednota.csr -newkey rsa:2048 -keyout jednota.key -config server_request.cfg

For what reason are you creating (or requesting) a certificate… ie what application or use?