Also remember to use a digest better than md5(default), when generating the certificates. If not you will obtain an ssl error when using the secret.

Here’s and example:

$ openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=*.xyz.com'$ openssl x509 -req -sha256 -extfile <(printf "subjectAltName=DNS:xyz.com,DNS:www.xyz.com") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Also note that I updated the blog certificate generation section to include these changes.

Technical Marketing @ GitLab 🦊, Developer at home, Keeping ATX Weird 😜

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store