Also remember to use a digest better than MD5 (the default) when generating the certificates. If you don't, you will get an SSL error when using the secret.
Here's an example:
$ openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=*.xyz.com'
$ openssl x509 -req -sha256 -extfile <(printf "subjectAltName=DNS:xyz.com,DNS:www.xyz.com") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Also note that I updated the blog certificate generation section to include these changes.
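To confirm which digest a certificate was actually signed with before loading it into the secret, the following check can be run against server.crt. It is an added example, not part of the original post; the function names, the throwaway "Example CA" and the 2048-bit demo keys are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: report the signature digest of a PEM certificate and
# reject MD5 or SHA-1 signatures. Function names are hypothetical.

# Print the signature algorithm recorded in the certificate.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk '/Signature Algorithm:/ { print $3; exit }'
}

# Return 0 for an acceptable digest, 1 for MD5/SHA-1, 2 if unreadable.
check_cert_digest() {
    alg=$(cert_sig_alg "$1")
    case "$alg" in
        "")
            echo "$1: could not read signature algorithm" >&2; return 2 ;;
        *[Mm][Dd]5*|*[Ss][Hh][Aa]1*)
            echo "$1: weak digest ($alg)" >&2; return 1 ;;
        *)
            echo "$1: ok ($alg)"; return 0 ;;
    esac
}

# Constructed demo: build a throwaway CA in directory $1 and issue a
# server certificate with the same options as the commands above
# (2048-bit keys are used here only to keep the demo fast).
make_demo_cert() {
    dir=$1
    printf 'subjectAltName=DNS:xyz.com,DNS:www.xyz.com' > "$dir/san.ext"
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 1 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj '/CN=Example CA' 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
        -out "$dir/server.csr" -subj '/CN=*.xyz.com' 2>/dev/null
    openssl x509 -req -sha256 -extfile "$dir/san.ext" -days 365 \
        -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -set_serial 01 -out "$dir/server.crt" 2>/dev/null
}

# Check any certificates passed on the command line.
for cert in "$@"; do
    check_cert_digest "$cert"
done
```

Saved as a script, it takes one or more certificate paths as arguments; with no arguments it only defines the functions.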