How to Install a Wildcard SSL Certificate in Salesforce using a Manually Generated CSR

Step-by-Step Process

🔹 1. Generate a Certificate Signing Request (CSR)

You can do this using OpenSSL or another tool.

openssl req -newkey rsa:2048 -nodes -keyout olympus-grid.ai.wildcard.privatekey -out olympus-grid.ai.wildcard.csr

• Common Name (CN): *.yourdomain.com (e.g., *.olympus-grid.ai)

• Submit this CSR to your SSL provider (e.g., GoDaddy)

• Optionally, purchase and setup a wildecard certificate request directly from your DNS provider

🔹 2. Receive Certificate Files from Issuer

Typically you’ll get:

• yourdomain.crt – your SSL certificate

• yourdomain.pem – often a fullchain combo

• yourdomain.bundle.crt – intermediate/CA bundle

• You already have your private key from the CSR step

In our example:

• olympus-grid.ai.wildcard.crt

• gd_bundle-g2.crt

• olympus-grid.ai.wildcard.privatekey

🔹 3. Create a .p12 (PKCS#12) Bundle

Must use a simple alias (no hyphens) — Salesforce rejects hyphens in alias names.

• You'll be prompted to set a password → remember it

🔹 4. Convert .p12 to .jks (Java Keystore)

• Use the same password or a new one — either is fine

• This produces olympusgridai.jks

🔹 5. Import into Salesforce

• Navigate to: Setup → Certificate and Key Management

• Click Import from Keystore

• Upload olympusgridai.jks

• Enter the keystore password

• Click Save

You’re done - You can now host unlimited sub-domains from a single TLD, hosted from Olympus-Grid.

Final Notes

• Alias must not contain special characters (Salesforce limitation)

• This works for Salesforce Sites, Communities, My Domain, and Named Credentials (need confirmation)

• Rotate your certificates before expiration (schedule a reminder)