
Cisco Expressway E special symbol * for certificate

netcrackercorp
Level 1

Hello,


We use the Cisco Expressway solution for RMA, Cisco Expressway X8.5.1.

For example:

FQDN of Cisco Expressway E - expressway-e.domain.com

FQDN of Cisco Expressway C - expressway-c.domain.com

I have implemented a certificate with cn=*.domain.com and the server accepted it, but the traversal zone between Expressway E and Expressway C doesn't work.

I found in logs:

tvcs: Event="External Server Communications Failure" Reason="DNS resolution failed" Service="NeighbourGatekeeper" Detail="name:*.domain.com" Level="1" UTCTime="2015-05-03 09:08:42,541"

Expressway C tries to connect to Expressway E and then checks the CN from the certificate, which should be the same as the FQDN of Expressway E.

Cisco Expressway C cannot match a CN containing the special symbol * to the FQDN.


Does Expressway support a certificate with special symbols in the CN?


Alex,

Accepted Solution

Patrick Sparkman
VIP Alumni

Wildcard certificates aren't supported. See the "Overview of certificate use on the Expressway" section of the Expressway Certificate Creation and Use Deployment Guide, starting at the bottom of page 3.

Wildcard certificates manage multiple subdomains and the service names they support; they can be less secure than SAN (Subject Alternate Name) certificates. Expressway does not support wildcard certificates.


Hello Patrick,

Thank you for your reply.

I have generated a certificate with parameters:

Subject Common Name = FQDN of cluster name

Subject Alternate Names = FQDN of the first node, FQDN of the secondary node, FQDN of cluster name, FQDN of the domain

I have implemented the same certificate on each node and it looks like everything works well, but I have doubts about this configuration:

I found that if we use a clustered system we should generate a certificate for each peer.

Why do you think we cannot use the same certificate on each node?
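The two certificate layouts discussed in this thread (the wildcard CN from the question and the cluster-name CN plus per-node SANs from the follow-up) can be checked against the peer FQDNs with a small identity matcher. This is an added example, not code from the thread or from Cisco; it works on a plain dict of names rather than parsing a real X.509 certificate, and all hostnames and certificate contents are constructed sample values. Strict mode models the behaviour the accepted answer describes (no wildcard support, so "*.domain.com" is compared literally); the wildcard mode is included only to show what a browser-style match would have accepted.

```python
# Added example (not from the thread or from Cisco). Models whether a peer's
# presented certificate names identify the FQDN it was contacted on.
# Sample hostnames and certificate contents below are constructed.


def _wildcard_match(pattern: str, host: str) -> bool:
    """Browser-style match: a single '*' is allowed only as the entire
    left-most label and matches exactly one non-empty label."""
    if not pattern.startswith("*."):
        return pattern.lower() == host.lower()
    p_labels = pattern.lower().split(".")[1:]
    h_labels = host.lower().split(".")
    return (len(h_labels) == len(p_labels) + 1
            and h_labels[0] != ""
            and h_labels[1:] == p_labels)


def identity_matches(cert: dict, fqdn: str, allow_wildcard: bool = False) -> bool:
    """True if the CN or any DNS SAN identifies fqdn.

    allow_wildcard=False is the strict mode: names are compared literally,
    so '*.domain.com' never equals 'expressway-e.domain.com'. This matches the
    accepted answer (no wildcard support) and the question's log line, where
    the literal CN '*.domain.com' was treated as a hostname."""
    names = [cert.get("cn", "")] + list(cert.get("sans", []))
    for name in names:
        if allow_wildcard:
            if _wildcard_match(name, fqdn):
                return True
        elif name.lower() == fqdn.lower():
            return True
    return False


def check_cluster(cert: dict, peers: list) -> dict:
    """Map each peer FQDN to whether one shared certificate identifies it
    under strict matching; a shared cert only works if every value is True."""
    return {peer: identity_matches(cert, peer) for peer in peers}


# Constructed sample data mirroring the two layouts in the thread.
WILDCARD_CERT = {"cn": "*.domain.com", "sans": []}
SAN_CERT = {
    "cn": "expressway-e-cluster.domain.com",            # hypothetical cluster FQDN
    "sans": ["expressway-e1.domain.com",                # hypothetical node FQDNs
             "expressway-e2.domain.com",
             "expressway-e-cluster.domain.com",
             "domain.com"],
}

if __name__ == "__main__":
    print(identity_matches(WILDCARD_CERT, "expressway-e.domain.com"))
    print(check_cluster(SAN_CERT, ["expressway-e1.domain.com", "expressway-e3.domain.com"]))
```

Running it shows the wildcard certificate failing the strict check that the thread describes, while the SAN certificate identifies exactly the node FQDNs it lists (a node added later, here expressway-e3, would need a new certificate).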