I generated a wildcard certificate for my company type *. mycompany.com in a CSS 11501.
For the site sub-domain1.mycompany.com worked fine, for the site sub-domain2.sub-domain1.mycompany.com didn't worked.
I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?
Thank you very much,
The CSS is indifferent to the Common Name in an SSL certificate used for SSL termination,
so using a wildcard certificate would be no different than using a standard certificate.
If using the CSS to generate the Certificate Signing Request, just enter the Common
Name with the leading asterisk for the subdomain portion of the hostname. Example:
Common Name (your domain name) [www.mycompany.com]*.domain.com
The only difference in configuring SSL termination would be that you could
reuse the SSL certificate (in the ssl-proxy-list) for all the different vips that the
subdomains resolve to without having to worry about pop-up warnings on client's browsers
(example attached). Or, if your subdomains resolve to the same vip, the CSS configuration
wouldn't be any different.
If you are referring to Subject Alternative Name (SAN) SSL Certificates
then the CSS should support them as it is the client that has to verify
If it is issued with multiple names that resolve to same IP, if you
install the wildcard cert on the CSS should be able to successfully
terminate the SSL session.