For machines in a clustered environment there are two options:
1. Using machine level certificates with the same common name.
This can be accomplished using certificates with the same common name and different hostnames on individual machines. These can then be used at the cluster level as well since they share the same common name.
2. Using wildcard certificates.
Per RFC 2595, the "*" character may be used as the leftmost name component of the server's common name. Within the leftmost element there can be characters to the left of the "*" but not to the right.
Accepted wildcard examples:
www.example.com matches www.example.com
*.example.com matches www.example.com
w*.example.com matches www.example.com
www.exam*.com matches www.example.com
www.example.* matches www.example.com
Non-accepted wildcard examples:
*www.example.com
*w.example.com
w*w.example.com
It is important to remember that the naming convention must stay consistent.
For example, if the servers that run the Wildcard use a four-component naming convention such as subhost.host.sitename.com, the Wildcard certificate must use a four-component naming convention such as *.host.sitename.com.
Also, a Wildcard certificate for *.example.com will not work for example.com since there is no host name.
Regards
Libin Varghese
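
The matching rules described in the post above, written out as a checker (an added example, not part of the original post and not any product's own validation code). The function name `wildcard_matches` and the `leftmost_only` switch are assumptions of this example: with `leftmost_only=True` a "*" is honoured only in the leftmost component, as in the RFC 2595 wording quoted above, and with `leftmost_only=False` a trailing "*" is honoured in any component, which reproduces the post's full list of accepted examples.

```python
def wildcard_matches(pattern: str, hostname: str, leftmost_only: bool = True) -> bool:
    """Return True if hostname is covered by the certificate name pattern."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().split(".")

    # The naming convention must stay consistent: same number of components.
    # This is also why *.example.com does not cover example.com.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False

    for index, (p, h) in enumerate(zip(p_labels, h_labels)):
        if "*" not in p:
            if p != h:
                return False
            continue
        # Characters may sit to the left of "*" but never to the right,
        # and a component may hold only one "*".
        if p.count("*") != 1 or not p.endswith("*"):
            return False
        # Strict mode (assumption of this example): wildcard only in the
        # leftmost component.
        if leftmost_only and index != 0:
            return False
        # The "*" stands in for the rest of this one component only.
        if not h.startswith(p[:-1]):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample patterns, taken from the lists in the post.
    host = "www.example.com"
    for pat in ["www.example.com", "*.example.com", "w*.example.com",
                "www.exam*.com", "www.example.*",
                "*www.example.com", "*w.example.com", "w*w.example.com"]:
        strict = wildcard_matches(pat, host)
        loose = wildcard_matches(pat, host, leftmost_only=False)
        print(f"{pat:20} strict={strict!s:5} any-component={loose}")
    print(wildcard_matches("*.example.com", "example.com"))
    print(wildcard_matches("*.host.sitename.com", "subhost.host.sitename.com"))
```

Running both modes against a planned certificate name before requesting it shows whether the cluster depends on a wildcard outside the leftmost component.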