CSM-S SSL wildcard certificates

Can the CSM-S use wildcard SSL certs so I only need 1 SSL cert for *.test.com? I know the CSS can do it but can the module?
Thanks,
David

Yes it does.
Use CN=*.test.com while generating CSR.
Syed

Similar Messages

  • HTTP adapter, SSL and wildcard certificate

    Hi,
    I am developing a B2B integration solution using BizTalk Server. The protocol used to communicate with the partner’s server is HTTPS and so it uses SSL.
    The certificate the partner is using to establish SSL connections is provided by GeoTrust but it is a wildcard certificate, issued to *.*.*.company.com
    The server I am trying to contact to is on a domain of the form: a.b.c.company.com (which seems to match the wildcard).
    When I try to open an HTTPS connection to the server (either through Internet Explorer, a .Net Windows Application or BizTalk), the connection cannot be established because the certificate is said to not be trusted. For example, Internet Explorer shows a pop-up message saying that:
    - The certificate is issued from a valid CA
    - The certificate date is valid
    - The name of the certificate is NOT matching the name of the site. This means that the certificate is issued for a domain different that the one we are accessing to. So it seems that the wildcard system is not working for this certificate? Is that possible if they aquire a wrong type of certificate by mistake? or is multipart wildcard certificate (*.*.*) not supported?
    Anyway even if their certificate is not 100% valid, they refuse to change it as their other partners work with that and they won't change to a proper certificate just for us...
    In .Net 2.0 code, it is easy to circumvent any certificate validation by setting the delegate ServicePointManager.ServerCertificateValidationCallback to a callback method with something like:
    ServicePointManager.ServerCertificateValidationCallback = delegate(Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)  { return true; };
    Nevertheless, I need to achieve this sort of circumvention with BizTalk Server 2006 and I would like to know if anyone ever did that.
    I am aware that I can write my own custom HTTP Adapter but I need this urgently so I thought of asking this forum's community first. Maybe someone as a quicker way than writing a custom adapter such as some "hack" (registry keys, custom class... ) or knows of an existing custom adapter already doing the job.
    Thanks in advance,
    Best regards,
    Francois Malgreve

    The certificate needs to be installed as a explicitly trusted certificate in the store under the computer a/c on the BzTalk machine and then it'll work. Refer
    https://thinkintegration.wordpress.com/2011/12/02/biztalk-https-adapter-and-certificate-configurations/ for the steps.
    Regards.

  • Edge 2013 External Wildcard Certificate

    Hi,
    I know this has been covered a number of times but I'd like something that's been posted more recently.
    We use Lync 2013 with a wildcard certificate on our edge external interface.  Everything works as expected and that's on version 5.0.8308.556
    I've recently deployed Lync 2013 at a customer site and when applying the certificate I'm unable to sign on externally or contact federated partners.  They're running 5.0.8308.577
    When testing from Lync connectivity tester I get the following:
    Attempting to resolve the host name blah.co.uk in DNS.
    The host name resolved successfully.
    Additional Details
    Testing TCP port 443 on host blah.co.uk to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
    Additional Details
    Elapsed Time: 758 ms.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server blah.co.uk on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Validating the certificate name.
    The certificate name was validated successfully.
    Additional Details
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.blah.co.uk, OU=Domain Control Validated.
    One or more certificate chains were constructed successfully.
    Additional Details
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
    Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Elapsed Time: 4 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
    Additional Details
    The certificate is valid. NotBefore = 10/25/2013 2:46:03 PM, NotAfter = 10/25/2016 1:42:28 PM
    Elapsed Time: 0 ms.
    Testing remote connectivity for user [email protected] to the Microsoft Lync server.
    Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
     <label for="testSelectWizard_ctl12_ctl06_ctl03_tmmArrow">Tell
    me more about this issue and how to resolve it</label>
    Additional Details
    Couldn't sign in. Error: Error Message: Unknown error (0x80131500).
    Error Type: TlsFailureException.
    Elapsed Time: 1649 ms.
    Any help would be much appreciated!
    Thanks

    Hi,
    Wildcard certificate doesn’t support for Edge server (both external and internal interface). It is supported to use a public certificate for Edge external interface, for Edge internal interface typically use a private certificate issued by an internal certification
    authority.
    More details about certificate requirements for external user access:
    http://technet.microsoft.com/en-us/library/gg398920.aspx
    You can refer to the link below of “Wildcard Certificate Support”:
    http://technet.microsoft.com/en-us/library/hh202161.aspx
    Here is a similar case my help you:
    http://social.technet.microsoft.com/Forums/lync/en-US/6bd237eb-2e96-437b-b559-54cf95230417/lync-server-2013-edge-unknown-error-0x80131500-tlsfailureexception?forum=lyncdeploy
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

  • I can't generated a CSR for a wildcard certificate

    I recently received a new Mac Mini OS X Server with the Server 2.2.1 app loaded.
    I cannot figure out how to create a CSR for a wildcard certificate.
    The wizard will not accept * in the input field.
    Can someone point me to the hard way of doing this?
    I need to secure every channel on the server with a wildcard SSL certificate.
    Thanks...

    Hi Gordon,
    You can use the command line to generate your wildcard CRS.
    1. Launch /Applications/Utilities/Terminal.app
    2. At the prompt, type the following command:
    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
    Replace yourdomain with the domain name you're securing. For example, if your domain name is coolexample.com, you would type coolexample.key and coolexample.csr.
    Common Name: The fully-qualified domain name, or URL, you're securing.
    If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
    See http://support.godaddy.com/help/article/5269/generating-a-certificate-signing-re quest-csr-apache-2x?pc_split_value=3

  • Wildcard certificates supported by ACE

    We are considering the use of wildcard certificates for our environment. Is this supported by the ACE when using SSL offloading ?
    regards,
    Sebastian

    be aware that certain mobile device do not support them I believe windows mobile 5.0 is one of them.

  • Wildcard Certificate use in Sun Java System Messaging Server (IMAPs/POPs)

    I'm trying to use a wildcard certificate acquired from GlobalSign and am having problems getting
    it (properly) into the cert database.
    I tried using certutil, and that didn't seem to work at all, it would list without user cert status:
    rmorneau+root@mmp1:/var/opt/SUNWmsgsr/config# /opt/SUNWmsgsr/sbin/certutil -L -d .
    GlobalSign-Ext-CA CT,c,
    *.xxxxxxxxxxx.edu ,,
    I had some success using msgcert and pk12util, but after importing it in, then seeing that it did
    have user cert status, after a quick restart of Messaging (IMAP/POP), SSL quit for IMAP and kicked all
    my IMAPs users out temporarily (until I put the original cert8.db and key3.db back).
    -------- ImapProxy_20101115.log----
    20101115 135531 ImapProxyAService.cfg (id 2590) SSL negotiation failed for IP XXX.XXX.X.XXX: Cannot connect: SSL is disabled. (-12268)
    pop.xxxxxxxxx.edu u,u,u
    GlobalSign-Ext-CA CT,c,
    *.xxxxxxxxxxx.edu u,u,u
    I truly appreciate any help on this matter.
    -Bob

    2. Does the certificate nickname in NSS match the configured certificate nickname in the product?I'm not sure, but I'll try that the next time I try this... will probably be late at night were I won't be interrupting IMAPs and POPs
    Makes sense. Prior to release 7 update 4, the servers have to be shut down before modifying certificate databases. As of 7 update 4 you can do a one-time migration to the cert9.db/key4.db format that >should allow certificates to be updated without taking the servers offline.
    This was in the log just before the other log entry that I showed before.
    20101115 135440 ImapProxyAService.cfg ASockSSL_Init: couldn't find cert imap.xxxxxxxxx.edu (-8174)
    This is the key line from the log. The server is looking for a certificate with the NSS certificate nickname of 'imap.xxxxxxxxx.edu' and is not finding that certificate so issue 2 is likely the problem.Yes, this was it. Oversite on my part, forgot they had to match and could not be a form of just domainname.edu or *domainname.edu.
    You either need to modify the default:SSLCertNicknames setting to match the nickname of the new certificate, or install the new certificate using the existing certificate nickname of 'imap.xxxxxxxxx.edu'I modified the default:SSLCertNicknames setting.
    Thank you CNewman very much for all your help.
    And, for those trolling for an answer with more detail via an Internet search (that is, if Oracle doesn't screw up these forums for anon searches)::::
    With the private key in hand (not password protected), I used 'openssl' to get it into a pkcs12 type file:
    (It is best to do this as root and not as sudo root as you might run into problems if your host
    does not have root power to write to your home dir on the/a NFS share.... you will get "unable to write 'random state'".)
    root@mmp1:/var/opt/SUNWmsgsr/config/GlobalSign-certs-new# /usr/sfw/bin/openssl pkcs12 -export \
    -in ket-wildcard-cert.pem -inkey private.key -out cert.pkcs12 -name xxxxxxxxx.edu
    Enter Export Password:
    Verifying - Enter Export Password:
    Where "private.key" is the key file, and "ket-wildcard-cert.pem" is the (pem format) cert from our cert provider,
    and cert.pkcs12 is our cert file that will be imported into the database, and xxxxxxxxx.edu is whatever you (nick)name your cert
    in the database
    (I think you could use a password protected private key if you have that password.. I don't.)
    Next, I used 'msgcert' to import the pkcs12 cert file into the database (I'm sure there is a way
    to use certutil or even pk12util to do the same, but I'm on Sun Messenger 6.3 at this time, so that's what I used.
    If someone would like to elaborate for those....?):
    (It is best, when using 'msgcert', to do it where your mailsrv user has some privs.. I took my pkcs12 cert and moved into /tmp.)
    root@mmp1:/tmp# /opt/SUNWmsgsr/sbin/msgcert import-cert cert.pkcs12
    Enter the PKCS#12 file password: (blank)
    Enter the certificate database password: (token password in sslpassword.conf)
    Make sure your (wildcard) cert nickname matches what you have in
    ImapProxyAService.cfg and PopProxyAService.cfg at the "default:SSLCertNicknames" field.
    Edit if need be.
    root@mmp1:/var/opt/SUNWmsgsr/config# /opt/SUNWmsgsr/sbin/certutil -L -d .
    GlobalSign-Ext-CA CT,c,
    xxxxxxxxx.edu u,u,u
    root@mmp1:/var/opt/SUNWmsgsr/config# grep default:SSLCertNicknames *AService.cfg
    ImapProxyAService.cfg:default:SSLCertNicknames xxxxxxxxx.edu
    PopProxyAService.cfg:default:SSLCertNicknames xxxxxxxxx.edu
    Then, of course, restart the msg service(s).
    /opt/SUNWmsgsr/sbin/stop-msg
    /opt/SUNWmsgsr/sbin/start-msg
    Edited by: 810750 on Nov 18, 2010 8:08 AM
    Edited by: 810750 on Nov 18, 2010 8:11 AM

  • Installation of wildcard certificate on Cisco ASA 5525-X (9.1(3))

    Hello
    I would very much appreciate your help in regards to installation of a wildcard certificate on our Cisco ASA 5525-X.
    Setup:
    We have two Cisco ASA 5525-X in a active/passive failover setup. The ASA is to be used for AnyConnect SSL VPN. I am trying to install our wildcard certificate on the firewall, but unfortunately with no luck so far. As a bonus information, I previously had a test setup (Stand alone ASA 5510 - 8.2(5)), where I did manage to install the certificate. I do believe I am performing the same steps, but still no luck. Could it be due to that I am running a failover setup now and didn't previously or maybe that I am running different software versions? Before you ask, I've tried to do an export on the test firewall (crypto ca export vpn.trustpoint pkcs12 mysecretpassword) but this actually also failed (ERROR:  A required certificate or keypair was not found) even though the cert was imported successfully and is working as it should in the lab.
    Configuration in regards to certificate:
    crypto key generate rsa label vpn.company.dk modulus 2048
    crypto ca trustpoint vpn.trustpoint
    keypair vpn.company.dk
    fqdn none
    subject-name CN=*.company.dk,C=DK
    !id-usage ssl-ipsec
    enrollment terminal
    crl configure
    crypto ca authenticate vpn.trustpoint
    ! <import intermediate certificate>
    crypto ca enroll vpn.trustpoint
    ! <send CSR to CA>
    crypto ca import vpn.trustpoint certificate
    ! <import SSL cert received back from CA>
    ssl trust-point vpn.trustpoint outside
    Problem:
    When I try to import the certificate I receive the following error:
    crypto ca import vpn.trustpoint certificate
    WARNING: The certificate enrollment is configured with an fqdn
    that differs from the system fqdn. If this certificate will be
    used for VPN authentication this may cause connection problems.
    Would you like to continue with this enrollment? [yes/no]: yes
    % The fully-qualified domain name will not be included in the certificate
    Enter the base 64 encoded certificate.
    End with the word "quit" on a line by itself
    -----BEGIN CERTIFICATE-----
    <certificate>
    -----END CERTIFICATE-----
    quit
    ERROR: Failed to parse or verify imported certificate
    Question:
    - Does any one of you have any pointers in regards to what is going wrong?
    - Especially in regards to fqdn and CN, I also have a question. My config
    fqdn none
    subject-name CN=*.company.dk,C=DK
    would that be correct? I've read online, that fqdn has to be none, and CN should be *.company.dk when using a wildcard certificate. However when I generate the CSR and also when I try to import the certificate, I receive the following warning: "The certificate enrollment is configured with an fqdn that differs from the system fqdn. If this certificate will be used for VPN authentication this may cause connection problems".
    So do you have insight or pointers which might help me?
    Thank you in advance

    I also have a wildcard cert for my SSL VPN ASAs.
    When i import the cert I use ASDM instead of CLI...
    I import the wildcard as a *.pfx file and type in the password. works fine...
    Perhaps the format is incorrect?
    Also, my "hostname.domain.lan" does not match my "company.domain.com" fqdn domain but it still works. I only apply this wildcard cert to the outside interface not inside.
    Not sure if this helps but give ASDM a try?

  • ISE 1.3 - wildcard certificate

    How to install an external wildcard certificate for SSL on ISE 1.3 and get it running for a guest portal ?
    Follow this links for guidance:
    Cisco Identity Services Engine Admin Guide, Release 1.3
    http://www.networkworld.com/article/2225032/infrastructure-management/what-are-wildcard-certificates-and-how-do-i-use-them-with-ciscos-ise.html
    https://supportforums.cisco.com/discussion/12305836/installing-wildcard-cert-ise-httpeap
    see Recording of Tech Talk Security: BYOD, Integrated CA, Multi-AD WebSession from November 6, 2014 of Aaron Woland
    and now.....     RESTART your ISE engine !
     ISE need to get restarted to bind the intermediate and the wildcard certificate which will
    send to the client for SSL. The client can now validate the certificates in the chain.
    Currently the restart is not documented by Cisco and there is no warning message to restart the ISE engine.

    Hi,
    You would have to restart the services, there is a note in the Cisco ISE document. Please refer it below:
    If you are using Firefox and Internet Explorer 8 browsers and you change the HTTPS local certificate on a node, existing browser sessions connected to that node do not automatically switch over to the new certificate. You must restart your browser to see the new certificate.
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_cert.html#pgfId-1183856
    Regards,
    Tushar Bangia
    Note : Please do rate post if you find it helpful!!

  • ADF Mobile: Handling wildcard certificates by GeoTrust

    Hello.
    We have developed an application with ADF Mobile and seem to be stuck at the SSL certificate for our webservice.
    We have lists of items that are filled by a java method connecting to a REST webservice. This service is secured by a wildcard certificate rather than a normal one.
    Can it be that ADF Mobile's JVM can't handle the wildcard certificates? I get the error
    javax.microedition.pki.certificateException: Certificate was issued by an unrecognized entity.
    Our certificate was issued by GeoTrust and is valid until 2015. It shouldn't be an "unrecognized entity" then right?
    Thanks for any help!
    Pascal

    Okay so these two things give me big trouble:
    First, the JVM (J2ME Spec) doesn't include any API's to disable SSL verification as can be found here:
    Re: How to Trust All SSL Certificates? (Disable Validation)
    Also The RestServiceAdapter probably uses HttpConnection class which doesn't support wildcard SSL certs. The problem is known as can be read here:
    http://www.sslshopper.com/article-wildcard-ssl-certificate-pros-and-cons.html
    So...if the backend uses a wildcard cert and this can't be changed and the webservice has to be secured, adf mobile is no good :(

  • Using same Wildcard certificate on multiple SAP systems with same domain name.

    Hello All,
    Need urgent help.
    I have a WILDCARD SSL certificate in pfx format. I also have individual root certificate , primary certificate in text form.
    The certificate mentioned above is already active in one of our portal.
    We want the same certificate on ECC Production.
    What are the steps to import this certificate in STRUST?
    I believe no certificate response needs to be imported.
    I have a certificate response provided by Verisign. But STRUST says- cannot import certificate response'
    Please help.

    Hi,
    This is what i did for installing wildcard certificates:
    On the OS of the sap server, log in with the sapadm account.
    Open a command prompt:
    make a backup of your sec directory in drive:\usr\sap\<SID>DVEBMGS00\  (just to be sure)
    cd to drive:\usr\sap\<SID>DVEBMGS00\exe
    >sapgenpse.exe import_p12 =p SAPSSLS.PSE location\to\the\certfile.pfx
    It will ask you for the pin, and to overwrite the file, answer yes.
    Now copy the new SAPSSLS.PSE to a desktop that has sapgui
    Login with the sapgui and run transaction strust
    Select import from the PSE menu and open the SAPSSLS.PSE
    Then again goto PSE menu  and select Save As
    I saved it twice, once in System PSE  and then again in SSL Server
    For me SSL is now working without problems on a couple of servers.
    -small update-
    You can check internal servers using the certificate utility from digicert https://www.digicert.com/util/
    It has the option to specify port numbers, usefull for internal web services.
    Regards,
    Rolf

  • Does ISE support wildcard certificates?

    Hello guys,
    My customer doesnt have a CA, but instead has wildcard certificates.
    I will implement ISE in 3 different locations (each location independent and with all ise services). Havent look in dept about wildcard certs, but does ISE support this type of certificates? The certs i need is only for corporate users not to be shown with the ssl cert error when accesing ise portals.
    If wild certificates supported, then will every independent site need to create a separate CSR for each one of them?
    Thanks!
    Emilio

    Support for Universal Certificates:
    Cisco ISE, Release 1.2 supports the use of wildcard server certificates for HTTPS (web-based services)
    and EAP protocols that use SSL/TLS tunneling. With the use of universal certificates, you no longer have
    to generate a unique certificate for each Cisco ISE node. Also, you no longer have to populate the SAN
    field with multiple FQDN values to prevent certificate warnings. Using an asterisk (*) in the SAN field
    allows you to share a single certificate across multiple nodes in a deployment and helps prevent
    certificate-name mismatch warnings.
    For more information, refer to the Cisco Identity Services Engine User Guide, Release 1.2. Kindly find the attached PDF for your clarification ISE 1.2 supports wildcard certificates. Even I had highlighted the same on page 14.
    Support for Universal Certificates:
    Cisco ISE, Release 1.2 supports the use of wildcard server certificates for HTTPS (web-based services)
    and EAP protocols that use SSL/TLS tunneling. With the use of universal certificates, you no longer have
    to generate a unique certificate for each Cisco ISE node. Also, you no longer have to populate the SAN
    field with multiple FQDN values to prevent certificate warnings. Using an asterisk (*) in the SAN field
    allows you to share a single certificate across multiple nodes in a deployment and helps prevent
    certificate-name mismatch warnings.
    For more information, refer to the Cisco Identity Services Engine User Guide, Release 1.2.

  • Implementing Wildcard Certificate on SQL Server

    Hi,
    I've been trying to configure WildCard Certificate and no matter what I do, the certificates I create and import into local store do not show up in the "Protocols for ...." window.
    In my opinion what is missing is a complete guide or document to show how to configure and implement
    wildcard certificates for SQL Server
    regards

    Hi ArashMasroor,
    According to your description, you need to install a  certificate on a computer that is running Microsoft SQL Server by using Microsoft Management Console (MMC), then you can request certificates for a SQL Server stand-alone server, and
    then use the certificate for Secure Sockets Layer (SSL) encryption.
    After you successfully install the certificate, the certificate does not appear in the Certificate list on the Certificate tab, the error occurs because you may have installed an invalid certificate. You must ensure the certificate meets the following requirements.
    1. You have a private key that corresponds to this certificate.
    2. On the Details tab, the value for the Subject field must be server name.
    3. The value for the Enhanced Key Usage field must be Server Authentication (<number>).
    4. On the Certification Path tab, the server name must appear under Certification path.
    For using the MMC snap-in to install the certificate on the server, you can review the following articles.
    http://support.microsoft.com/kb/316898
    http://technet.microsoft.com/en-us/library/dd851419.aspx
    Regards,
    Sofiya Li
    Sofiya Li
    TechNet Community Support

  • Wildcard Certificats and 4400 WLC

    First, I know the 4400 has been EOS. I am planning on replacing this with a new controller next year as part of a larger project. In the meantime, the certificate we have setup on our guest network is due to expire soon.
    I am pretty familiar with how to get a new certificate setup, but was wondering if anyone has had any experience at using a "wildcard" type certificate, instead of the standard webserver style cert?  (http://www.digicert.com/wildcard-ssl-certificates.htm)
    Its my understanding that a wildcard certificate can be used for any type of server, but the server needs to support it.
    Thanks.

    All my recent install using a 3rd party certificate has been with installing a chained certificate.
    Here is a doc that shows you how to combine a chained certificate and install it on a wlc.
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
    Sent from Cisco Technical Support iPhone App

  • Unable to install WildCard Certificate for ASA 5512-x

    Have a customer who we manage an ASA 5512-X for.  I am configuring a Wildcard Certificate for AnyConnect. They have a wildcard certificate purchased through Godaddy.com.  I am utilizing ASDM 7.3 for the installation of the certificate.  I added the Identity Certificate ASDM_TrustPoint0.  Checked the radio button "Add a new identity certificate:"  Named the Key Pair WildCard, and set the size to 2048.  I also changed the "Certificate Subject DN: to CN=cityvpn.wirapids.org.  There were no other attributes to add.  I also changed the FQDN under the advanced tab to the same cityvpn.wirapids.org.  Then clicked Add Certificate.  Successful
    Under CA Certificates I added the certificate from file.  Which I added the bundle.crt from Godaddy.  Certificate was added successfully.
    Going back to Identity Certificates.  I click on install.  Install from a file.  Which I tried the other crt file and the bundle file from Godaddy.  I get an Error: Failed to parse or verify imported certificate.  With the other .crt file from Godaddy I get the same error, but "Certificate does not contain device's General Purpose Public Key."
    Not sure what to think.  Any suggestions or help would be great.  Thanks
    Paul

    You should never ever get a wildcard certificate. Because if that certificates private key gets stolen, the thief can impersonate all ssl-protected services. The clients view them as valid resources, because the certificate is correct. The only thing to do then, is to revocate the certificate, which will cause you to get a new certificate installed on ALL services that you had protected with the wildcard one.
    Even worse, most broswers (besides IE) ignore certificate revocation lists in various cases!

  • CSS 11501 using wildcard certificates

    Hello,
    I'm about to switch to wildcard certificates in a CSS 11501, however there are some doubts that I would like to clarify:
    - When generating the CSR can i use *.mycompany.com for CN ?
    - Should the CSR be generated only once or every time i need to create a new content rule i need to generate it?
         - If only once can I associate multiple filenames with only one certificate?
              ssl associate cert myrsacert1 certificate.pem; ssl associate cert myrsacert2 certificate.pem...
    Thanks for your help,
    Best regards,
    Claudio

    Hello Claudio,
    - When generating the CSR can i use *.mycompany.com for CN?
    Yes that will take care of any subdomain you need... something that you need to consider is that this wilcard will cover site like cars.mycompany.com or shop.mycompany.com but if you have a site that looks like ftp.shop.mycompany.com then you'll need a wildcard that looks like *.*.mycompany.com.
    The CSR is generated only once and from there you send it to your CA to have signed off.
    Not sure I fully understood your second question, once you received the cert and key whether in PFX or PEM format from your CA, you'll upload these to your CSS using FTP and then associate the file(s) to a name that is only meaningful to the SSL proxy list within your CSS.
    HTH
    Pablo

Maybe you are looking for