Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1622
Views
0
Helpful
5
Replies

CSS 11501 - wildcard certificate with subject alternative names

comunicacoes
Level 1
Level 1

‎09-07-2012 03:45 AM

Hi,

I generated a wildcard certificate for my company type *. mycompany.com in a CSS 11501.

For the site sub-domain1.mycompany.com worked fine, for the site sub-domain2.sub-domain1.mycompany.com didn't worked.

I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?

Thank you very much,

Cláudio Soares

Labels:
0 Helpful
5 Replies 5

sivaksiv
Cisco Employee
Cisco Employee

‎09-07-2012 04:04 AM

Hi,

The CSS is indifferent to the Common Name in an SSL certificate used for SSL termination,

so using a wildcard certificate would be no different than using a standard certificate.

If using the CSS to generate the Certificate Signing Request, just enter the Common

Name with the leading asterisk for the subdomain portion of the hostname. Example:

Common Name (your domain name) [www.mycompany.com]*.domain.com

The only difference in configuring SSL termination would be that you could

reuse the SSL certificate (in the ssl-proxy-list) for all the different vips that the

subdomains resolve to without having to worry about pop-up warnings on client's browsers

(example attached). Or, if your subdomains resolve to the same vip, the CSS configuration

wouldn't be any different.

Regards,

Siva

0 Helpful

comunicacoes
Level 1
Level 1
In response to sivaksiv

‎09-07-2012 04:10 AM

Wildcard *.domain.com worked just fine for mycompany.domain.com, but for sub_1.mycompany.com i got a bad domain error.

does CSS support SAN?

I've attached Firefox error.      

Thank you,

Kind Regards,

Cláudio Soares    

Preview file
111 KB
0 Helpful

sivaksiv
Cisco Employee
Cisco Employee
In response to comunicacoes

‎09-07-2012 04:26 AM

Hi,

If you are referring to Subject Alternative Name (SAN) SSL Certificates

then the CSS should support them as it is the client that has to verify

them correctly.

If it is issued with multiple names that resolve to same IP, if you

install the wildcard cert on the CSS should be able to successfully

terminate the SSL session.

-

Siva

0 Helpful

comunicacoes
Level 1
Level 1
In response to sivaksiv

‎09-07-2012 04:30 AM

How can i genetrate a certificate with SAN in CSS?

Regards,

Cláudio Soares

0 Helpful

Cesar Roque
Level 4
Level 4
In response to comunicacoes

‎09-07-2012 09:36 AM

Hello Claudio,

Is not possible with the CSS

--------------------- Cesar R ANS Team
0 Helpful
Customers Also Viewed These Support Documents