Certificate format in CES

ymadheka
Level 4

Hi Team,

What are the certificate formats supported by CES? In the customer instance we would like to import a wildcard certificate for TLS functionality.

Thanks & Regards,

Yogesh Madhekar

1 Reply

Libin Varghese
Cisco Employee

For machines in a clustered environment there are two options:

1. Using machine level certificates with the same common name.

This can be accomplished using certificates with the same common name and different hostnames on individual machines. These can then be used at the cluster level as well since they share the same common name.

2. Using wildcard certificates.

Per RFC 2595, the "*" character may be used as the leftmost name component of the server's common name. Within the leftmost element there can be characters to the left of the "*" but not to the right.

Accepted wildcard examples
www.example.com matches www.example.com
*.example.com matches www.example.com
w*.example.com matches www.example.com
www.exam*.com matches www.example.com
www.example.* matches www.example.com

Non-accepted wildcard examples
*www.example.com
*w.example.com
w*w.example.com

It is important to remember that the naming convention must stay consistent.

For example, if the servers that run the Wildcard use a four-component naming convention such as subhost.host.sitename.com, the Wildcard certificate must use a four-component naming convention such as *.host.sitename.com.

Also, a Wildcard certificate for *.example.com will not work for example.com since there is no host name.

Regards

Libin Varghese
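
Added example, not part of the reply above and not Cisco code: a pre-import check that tests a planned certificate name against the hostnames in a cluster, using the rules the reply states (characters allowed to the left of the "*" but not to the right, and the same number of name components). It covers only patterns whose wildcard is in the leftmost component; the function names and hostnames are constructed for illustration.

```python
# Added example: checks planned certificate names against cluster hostnames.
# All hostnames below are constructed sample data.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def pattern_problem(pattern):
    """Return why a certificate name is rejected by this check, or None."""
    labels = _labels(pattern)
    if any("*" in label for label in labels[1:]):
        return "wildcard outside the leftmost component (not handled here)"
    if labels[0].count("*") > 1:
        return "more than one '*'"
    if "*" in labels[0] and not labels[0].endswith("*"):
        return "characters to the right of '*'"
    return None

def matches(pattern, hostname):
    """True if hostname is covered by the certificate name pattern."""
    if pattern_problem(pattern):
        return False
    p, h = _labels(pattern), _labels(hostname)
    # Same number of components, so *.example.com never covers example.com.
    if len(p) != len(h) or p[1:] != h[1:]:
        return False
    if "*" not in p[0]:
        return p[0] == h[0]
    prefix = p[0][:-1]  # text allowed to the left of '*'
    return h[0] != "" and h[0].startswith(prefix)

def uncovered(pattern, hostnames):
    """Hostnames in the cluster that the pattern does not cover."""
    return [host for host in hostnames if not matches(pattern, host)]

if __name__ == "__main__":
    cluster = ["esa1.host.sitename.com", "esa2.host.sitename.com",
               "host.sitename.com"]
    for name in ("*.host.sitename.com", "*.sitename.com", "w*w.example.com"):
        print(name, "| problem:", pattern_problem(name),
              "| uncovered:", uncovered(name, cluster))
```

Running `uncovered` against the full host list before requesting the certificate shows which machines would present a name that does not match.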