cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

1158
Views
0
Helpful
5
Replies
Highlighted
Beginner

CSS 11501 - wildcard certificate with subject alternative names

Hi,

I generated a wildcard certificate for my company type *. mycompany.com in a CSS 11501.

For the site sub-domain1.mycompany.com worked fine, for the site sub-domain2.sub-domain1.mycompany.com didn't worked.

I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?

Thank you very much,

Cláudio Soares

5 REPLIES 5
Cisco Employee

CSS 11501 - wildcard certificate with subject alternative names

Hi,

The CSS is indifferent to the Common Name in an SSL certificate used for SSL termination,

so using a wildcard certificate would be no different than using a standard certificate.

If using the CSS to generate the Certificate Signing Request, just enter the Common

Name with the leading asterisk for the subdomain portion of the hostname. Example:

Common Name (your domain name) [www.mycompany.com]*.domain.com

The only difference in configuring SSL termination would be that you could

reuse the SSL certificate (in the ssl-proxy-list) for all the different vips that the

subdomains resolve to without having to worry about pop-up warnings on client's browsers

(example attached). Or, if your subdomains resolve to the same vip, the CSS configuration

wouldn't be any different.

Regards,

Siva

Beginner

Re: CSS 11501 - wildcard certificate with subject alternative na

Wildcard *.domain.com worked just fine for mycompany.domain.com, but for sub_1.mycompany.com i got a bad domain error.

does CSS support SAN?

I've attached Firefox error.      

Thank you,

Kind Regards,

Cláudio Soares    

Cisco Employee

CSS 11501 - wildcard certificate with subject alternative names

Hi,

If you are referring to Subject Alternative Name (SAN) SSL Certificates

then the CSS should support them as it is the client that has to verify

them correctly.

If it is issued with multiple names that resolve to same IP, if you

install the wildcard cert on the CSS should be able to successfully

terminate the SSL session.

-

Siva

Beginner

Re: CSS 11501 - wildcard certificate with subject alternative na

How can i genetrate a certificate with SAN in CSS?

Regards,

Cláudio Soares

Enthusiast

Re: CSS 11501 - wildcard certificate with subject alternative na

Hello Claudio,

Is not possible with the CSS

--------------------- Cesar R ANS Team
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here