Using wildcard for generating cert and key

hello, do my CN is acceptable for Istio? or should I just use instead of *

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=$ Inc./CN=*.$' -keyout $ -out $

openssl req -out *.$ -newkey rsa:2048 -nodes -keyout *.$ -subj "/CN=*.$ world from $"

openssl x509 -req -days 365 -CA $ -CAkey $ -set_serial 0 -in *.$ -out *.$

kubectl exec -i -n istio-system (kubectl get pod -l istio=ingressgateway -n istio-system -o jsonpath=’{.items[0]}’) – cat /etc/istio/ingressgateway-certs/tls.crt | openssl x509 -text -noout | grep ‘Subject:’

    Subject: CN=*, O=hello world from