cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1076
Views
0
Helpful
2
Replies

Cisco SSL Services Module (on 6500)

emresumengen
Level 1
Level 1

Hi all,

A customer has asked me a few questions on an SSL Services Module they have (that we haven't sold and have little experience with). I've been reading the documents, but I have some questions and things to verify...

As I can understand, they already have services and trustpoints configured on the module, but with certificates created with a previously-existing internal AD-integrated CA. Now, they want to switch their services to run a certificate they've obtained from a legitimate CA.

1) They are trying to import the new certificate with copy-paste method, through the terminal. As far as I can see, both the server certificate and the CA certificate issuing the server cert. should be in base64 encoded for this to work, right? Or, can we import somehow PKCS or PEM certs thorough the terminal?

2) They would like to use a wildcard certificate for a few of their servers/services they publish. (Like, instead of getting 3 different certificates for service1.domain.com, service2.domain.com and service3.domain.com, they'd like a certificate for *.domain.com which would work for all of the 3 services.) Is this possible? Should they need to change their configuration? (Now I understand that they have different trustpoints, certificates and service configurations for each of the servers...)

I'd really like if some good soul with experience could shed a little light on this...

Or, any leads on documentation (that I may have missed) would also be appreciated.

Thanks in advance,

Emre