# Génération d'un certificat wildcard auto-signé

On crée le répertoire pour la clé et le certificat, puis on génère le certificat.

```bash
cd /etc/apache2
mkdir ssl
cd ssl/
mkdir private
openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
```

[![image-1615656772090.png](https://docs.khroners.fr/uploads/images/gallery/2021-03/scaled-1680-/dxft1ogHcSt3H0Fa-image-1615656772090.png)](https://docs.khroners.fr/uploads/images/gallery/2021-03/dxft1ogHcSt3H0Fa-image-1615656772090.png)

On protège le certificat.

```bash
chown -R root:root /etc/apache2/ssl/cert.pem
chmod 0700 /etc/apache2/ssl/
chmod 0600 /etc/apache2/ssl/*
```