Hello Dipesh,

Good Question!!

If you need a wildcard certificate, you would still follow the same flow, except you would use a regex(*) when generating the server certificate signing request.

$ openssl req -new -key server.key -out server.csr -subj "/CN=*.xyz.com"

This will enable you to authenticate with domains *.xyz.com.

Note: xyz.com it self will not authenticate, so you will need to add it to the Subject Alternative Names:

$ openssl x509 -req -days 365 -extfile <(printf "subjectAltName=DNS:xyz.com,DNS:www.xyz.com") -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Some good reference on the above: https://www.idmworks.com/wildcard-ssl-certificate-in-common-name-cn/