To setup a wildcard certificate, use "*.yourdomain.com" as the Common Name when you generate the certificate signing request (CSR).

If you want to same certificate to work on "yourdomain.com" (without the subdomain), then add

subjectAltName=${ENV::SAN}

in the [ usr_crt ] section of your openssl.cnf file, and set the environment variable

export SAN='DNS:yourdomain.com'

before running the openssl commands to create the CSR.