
WildCard Certificate CSR Firepower Anyconnect

keithcclark71
Level 3

I have multiple FTDs deployed, with each site able to do AnyConnect. Since they are separate VPNs, I want to create a CSR for a wildcard certificate. When I go through the creation of the CSR for this, is there anything I need to do in particular so that the CSR generated can be used for multiple subject names? I want to do one wildcard cert for all the following names:

 

VPNLocationA.domain.com
VPNLocationB.domain.com
VPNLocationC.domain.com
VPNLocationD.domain.com

5 Replies

@keithcclark71 that's not a wildcard; a wildcard certificate would be *.domain.com. You possibly want a multi-domain certificate, where you have multiple FQDNs as SAN entries?

I think you can create a CSR in the FMC with SAN entries (I don't have access to an FMC to check), if not you'd have to use openssl to create the CSR, get the certificate signed and create a PKCS12 file and import.
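
The openssl route mentioned in the reply above, as an added example that is not part of the original thread: it generates a key and a CSR whose subjectAltName lists each name passed in, then reads the names back out of the request to confirm them before it goes to the CA. The file names (`vpn.key`, `vpn.csr`, `vpn.crt`, `chain.crt`, `vpn.p12`) and the 2048-bit RSA key are assumptions.

```shell
#!/bin/sh
# Added example: CSR with several DNS names as subjectAltName (SAN) entries.
# File names and the RSA 2048 key size are assumptions, not from the thread.

# make_csr OUTDIR CN NAME [NAME...]
# Writes OUTDIR/vpn.key (private key) and OUTDIR/vpn.csr (request).
make_csr() {
    outdir=$1; cn=$2; shift 2
    cfg="$outdir/csr.cnf"

    # Build an openssl config whose [alt] section is DNS.1, DNS.2, ...
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\nreq_extensions = v3_req\n'
        printf '[dn]\nCN = %s\n' "$cn"
        printf '[v3_req]\nsubjectAltName = @alt\n[alt]\n'
        i=1
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cfg"

    # -nodes leaves the key unencrypted on disk, so restrict its permissions.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$outdir/vpn.key" -out "$outdir/vpn.csr" \
          -config "$cfg" 2>/dev/null )
}

# csr_sans CSRFILE: print the DNS names carried in the request, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# Once the CA returns the signed certificate, bundle key + cert for import
# (vpn.crt and chain.crt stand for whatever files the CA issues):
#   openssl pkcs12 -export -inkey vpn.key -in vpn.crt -certfile chain.crt -out vpn.p12
```

For the multi-name case, call `make_csr DIR VPNLocationA.domain.com VPNLocationA.domain.com VPNLocationB.domain.com ...`; for a wildcard, pass `'*.domain.com'` (quoted) as both the CN and the single SAN.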

When I generate the CSR could I just specify the FQDN as *.domain.com and therefore cover all the names I need for the different anyconnect sites?

@keithcclark71 yes, you can use the same wildcard certificate of *.domain.com on each FTD.

Hey Rob, what am I doing wrong here? I am trying to specify the wildcard asterisk but it won't accept it. Any ideas?

WildCard.jpg

 

Never mind, I changed to "Don't use FQDN in certificate". I think I'm good now.
