Help! GoDaddy Wildcard Cert

My organization has finally purchased a wildcard cert from GoDaddy to use on our servers across the board due to how newer browsers are being more vocal about using self signed certs.
In going through the process of getting the cert issued I keep getting my CSR rejected by GoDaddy by following the instructions from what GoDaddy wants and how to create the CSR. Since I've only really used self signed certs to this point I'm not 100% sure if I am doing things correctly especially given that I'm kind of making some assumptions as my CSR export instructions are a little dated. Are there updated instructions for creating the CSR to a format that GoDaddy will like?
Thanks!

For creation these are helpful:
http://www.digicert.com/csr-creation...consoleone.htm
http://nl.globalsign.com/en/support/.../generate+csr/
Example of a "subject name": .CN=*.domain.com.OU=IT.O=Name of your Organization.L=City.S=State.C=US
You did NOT follow the proper steps to import the certificate (I know it
from experience)
Your only option now is to restore the certificate object that was used for
CSR from good backup into eDirectory (I hope you have it...) and then do the
following (exactly):
http://www.digicert.com/ssl-certific...consoleone.htm
Once done you can create a new certificate for each NW server & replace public
& private key with the GoDaddy & your wildcard & point each instance of
Apache to such certificate.
The setup works beautifully (I have been using it for over 5 years now).
As you can export .pfx from the certificate object with use of openssl you
can use it just about anywhere else (but not in APC UPS devices!)
Seb
"marklar23" wrote in message:
>
> I made the CSR from NetWare. It looks like the last time that I tried
> yesterday did take, I had to change the order of the CN and O in the
> cert string. Now after I imported the certificate and try to validate
> it, I get Invalid with Certificate Revocation List Invalid. Any
> suggestions?
>
> AndersG;2014252 Wrote:
>> Marklar23,
>> > In going through the process of getting the cert issued I keep getting
>> > my CSR rejected by GoDaddy by following the instructions from what
>> > GoDaddy wants and how to create the CSR.
>> >
>> And do they say what is wrong with it? Also: Is this NetWare or Linux?
>>
>> - Anders Gustafsson (Sysop)
>> The Aaland Islands (N60 E20)
>
>
> --
> marklar23
>

Similar Messages

  • Help with wildcard cert

    I have been using a self signed cert with 100% success but we are going to start support outside devices. I am looking for a guide or something to help me. I have the PEM format keys from the Certificate Authority but not sure what to do now. RDS appears to be looking for pfx keys.
    Can someone point me in the right direction?

    So what I did was complete the certificate request, then exported that key, which provided me with the pfx file. I imported that into my RDS under RD Web Access. It says trusted and I get a little green lock.
    We do not have a gateway or plan on using it... All goes through the VPN so this setup should work.

  • Install GoDaddy wildcard SSL on WLC 2504 controller

    I'm attempting to install a GoDaddy wildcard ssl certificate onto a WLC 2504 running version 7.4.100.0.
    I am getting the error "#SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4055 Cannot PEM decode private key" when downloading the .pem file to the controller.
    What I have attempted to do was to export the certificate from a Windows 2008 R2 server into a .pfx file. The file contained the private key and all possible root certificates (in this case a root and an intermediate cert). Now I took this .pfx file and attempted to create a .pem file with openssl using the following command: openssl pkcs12 -in myssl.pfx -out mynewssl.pem -passin pass:mypassword -passout pass:mypassword
    Now I have opened the .pem file and verified it does contain the private key and the three certificates (wildcard, intermediate and root).

    Seth,
    I had a similar problem, and saw the solution in another post on this forum.  I am cross-posting this to help anyone else out there who might be searching for this answer.
    Kudos to Robert Wells for finding this:
    "I have it fixed now. The problem was the cisco only supports openssl 0.9.8x. I was using 1.0.1c. I used 0.9.8x and it worked perfectly fine."
    The Windows version of OpenSSL I used was the 0.9.8y Light version from:
    http://slproweb.com/download/Win32OpenSSL_Light-0_9_8y.exe
    I hope this helps someone out there with this problem.
       - Ken

  • ISE 1.2 and WildCard Cert

    Hello,
    I've found a great post from Aaron Woland about how to make/install/use a wildcard certificate.
    http://www.networkworld.com/community/blog/what-are-wildcard-certificates-and-how-do-i-use-them-ciscos-ise
    But there is something that was not answered by his post.
    Can I use a wildcard cert to register a node to an ISE deployment? Aka adding a Monitor only node to an admin only node:
    create CSR, receiving cert from CA, adding CA root, binding cert to CA root then exporting key, then importing on Mon node, then try to register Mon node? My first test didn't go well.
    Any input would be appreciated

    Basant,
    I agree with what you are saying but it seems that your statement contradicts the write up on the Cisco user guide for 1.2, there are no limitations and one of the benefits stated by the doc is that you can use wildcard certs as a cost saving measure which will allow you to install the cert on all ISE nodes.
    I do have a corporate wildcard certificate and I will attempt to register two nodes together and see what the result is.
    Also the true benefit of a wildcard cert is where the CN is *.domain.com, you should not have to generate a CSR where the CN=iseblah.domain.com with a SAN of *.domain.com, I do not think that is a cost effective wildcard cert since the CN has the fqdn of the ISE node.
    http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_cert.html
    Tarik Admani
    *Please rate helpful posts*

  • ISE 1.3 public wildcard cert

    Is it a good idea and common practice to just use public CA for wildcard certificate on each ISE node to avoid any certificate warnings on non-corporate devices? 
    Is it OK then to use it also for EAP-TLS authentication? Clients will still have internal CA certs.
    Or should we have a separate internal wildcard cert just for EAP-TLS? In this case, will ISE 1.3 allow me to have two wildcard certs with the same SAN (*.domain.com), one is public, the other is internal? The public one would apply to Web portals, and the internal one would apply to EAP-TLS.

    Hi Trevor-
    The use of Wildcard cert is perfectly acceptable for the guest portals. As you said, this will ensure that guest users don't get the certificate trust error. 
    However, for the EAP side of the house, you will need to get a non-wildcard certificate. Many supplicants (including Windows) will NOT accept a wildcard certificate when building an EAP tunnel.
    I hope this helps!
    Thank you for rating helpful posts! 

  • Wildcard Cert

    Sun Java(tm) System Messaging Server 7.3-11.01 64bit (built Sep 1 2009)
    libimta.so 7.3-11.01 64bit (built 19:44:36, Sep 1 2009)
    Using /opt/sun/comms/messaging64/config/imta.cnf (compiled)
    SunOS wpg-com1 5.10 Generic_141445-09 i86pc i386 i86pc
    I have a wildcard cert that was generated for apache. How can I add this to COMs.

    shjorth wrote:
    > karl.rossing wrote:
    > > I have a wildcard cert that was generated for apache. How can I add this to COMs.
    > The following URL may help (section prior to pull-config):
    > http://blogs.sun.com/nsegura/entry/migrating
    > Regards,
    > Shane.
    Thanks! That helped a lot.
    I was able to run openssl pkcs12 -export -out server.pk12 -in server.crt -inkey server.key -nodes -name "ALIAS" and then msgcert import-cert server.pk12
    This would be useful information on http://wikis.sun.com/display/CommSuite/Configuring+Encryption+and+Certificate-Based+Authentication . Should I add it myself?

  • Wildcard cert on WLC 4404 running 5.2

    Hi all
    I have a WLC with a cert on at the moment, it runs out in a few weeks.
    I want to replace the current cert with a wildcard cert.
    Will this be OK ?
    is it a cas     

    Hi,
    As per my exp.: yes it is supported.
    However, it seems there is still a problem with wildcard certificates if they are chained:
    Check these links:
    http://netboyers.wordpress.com/2012/03/06/wildcard-certs-for-wlc/
    Third-party cert:
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
    Regards
    Don't forget to rate helpful posts

  • CSS11506 - Wildcard cert ??

    We have a need to terminate multiple SSL websites on our CSS. So name1.test.com, name2.test.com, name3.test.com etc. The problem I have found is that I need to burn 1 public VIP per SSL connection b/c they all need to use tcp 443 inbound and point to their respective cert on the CSS. Is there any way to possibly generate a wildcard cert that matched only the last part of our domain name ( events.test.com = *.test.com ) and then get away with using only 1 VIP for the multiple sub domains ??
    Thanks for your help.
    Cheers
    Dave

    CSS can use wildcard certificate just as it uses typical server certificates.
    If you are using the CSS to create the CSR, you would use a wildcard common name.
    - A "*" wildcard character MAY be used as the left-most name component in the certificate. For example, *.example.com would match a.example.com, foo.example.com, etc. but would not match example.com.
    Syed
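
The matching rule quoted in the reply above, carried a little further as an added example (not code from the original posts or from any vendor). It also shows that the wildcard stands for exactly one label, so deeper subdomains are not covered. The host names are constructed from the question, and refusing partial labels and `*.tld` names is a conservative assumption of this sketch.

```python
"""Added example: wildcard certificate name matching (left-most label only)."""

def _labels(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")

def wildcard_matches(pattern, hostname):
    """True if certificate name `pattern` covers `hostname`."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False                      # empty label, malformed name
    if len(p) != len(h):
        return False                      # '*' stands for exactly one label
    if any("*" in label for label in p[1:]):
        return False                      # wildcard only in the left-most label
    if p[0] == "*":
        # Conservative assumption: refuse '*.com'-style names with no
        # registrable domain to the right of the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False                      # partial labels such as 'f*' refused
    return p == h

def audit(cert_names, hostnames):
    """Map each hostname to the certificate name covering it, or None."""
    result = {}
    for host in hostnames:
        result[host] = next(
            (n for n in cert_names if wildcard_matches(n, host)), None)
    return result

# Constructed sample: the names on a wildcard certificate and the sites
# that are supposed to share it behind one VIP.
CERT_NAMES = ["*.test.com"]
SITES = ["name1.test.com", "name2.test.com", "events.test.com",
         "test.com", "shop.events.test.com", "name1.test.org"]

if __name__ == "__main__":
    for host, name in audit(CERT_NAMES, SITES).items():
        print(f"{host:24} {'covered by ' + name if name else 'NOT covered'}")
```

Running the audit before ordering a certificate shows which sites would still need their own SAN entry, here the bare domain and the two-level subdomain.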

  • Installing wildcard cert on ISE for HTTP/EAP

    I need to install a wildcard cert on ISE, but have no experience with wildcards.  I have the *.domain certificate, but I am not sure of the process, and the Cisco docs add to the confusion.  Am I supposed to generate a new CSR to give to the CA, or do I simply install the *.domain cert?  I have read the install guide and it of course makes the assumption that you know what you're talking about, and when it comes to installing wildcards, I don't know...
    Any assistance would be greatly appreciated

    If you are already in the possession of the wildcard cert and the private key, then you don't need CSR. You can simply import the certificate in ISE:
    1. Go to Administration > Certificates > Local Certificates >  Add > Import Server Certificate
    2. Use the "browse" buttons to point to the certificate file and private key
    3. Check "Allow Wildcard Certificates"
    4. Select the protocol that you want to use it for (EAP or HTTPS or both)
    5. Hit submit
    6. Go to Certificates Store
    7. Import the root CA certificate and Intermediate CA certificate(s) (If any)
    Thank you for rating helpful posts!

  • 7925g plus EAP-TLS plus wildcard cert

    Hi folks,
     Has anyone managed to put a wildcard cert on a 7925G (or 9971) to use for client authentication with EAP-TLS?  It seems like one is forced to use the MIC or a cert from a csr generated by the phone... but I'd really rather not keep track of a zillion certs.
    Thanks for any help.

    Hi,
    Have you read the info from the deployment guide (page 72 - install certificates) already?
    http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf

  • GoDaddy SSL Cert Signed by Unknown Authority

    At my school we have one Apple server which we recently upgraded to 10.5. We're using it to run a blog for teachers. We switched the site to use SSL and purchased a GoDaddy SSL cert (the wildcard type). The common name on the certificate I created in Server Admin is for *.e-lcds.org, this is the same common name I gave to GoDaddy in the CSR.
    I received both the certificate and the intermediate certificate from GoDaddy and installed both. Server Admin now says that the site is signed correctly by GoDaddy. The intermediate certificate (looking at Keychain Access) is not signed correctly though according to the server. The error is "This certificate was signed by an unknown authority"
    In the process of originally trying to figure out SSL certs I deleted all of the GoDaddy ones which I (thought) had added to start with a new one and have it re-keyed (which worked). I unfortunately may have deleted whatever certs need to be installed to verify the intermediate cert from GoDaddy. Is there a way to re-add these? Or is this another issue altogether?
    Thanks in advance,
    -MRCUR

    I ended up wiping the server since we switched its roles with a Linux box. I'm now using the GoDaddy SSL cert on the Linux box and the XServe.

  • Windows client intermittent connection to PEAP WIFI backed off to ISE 1.2 wildcard cert

    I am setting up a topology where for the first time I am deploying ISE with a wildcard certificate.  This is on ISE 1.2 patch 6, WLC's running 7.6 and Windows 7 clients in AD.  The ISE policy is just to match on machine auth.
    The setting up of the wildcard cert went ok as guided by the CCO ISE 1.2 deployment/cfg guide.
    When it came to testing the client auth as always I start off with the PEAP settings of Validate server certificate off, just to confirm the WLC and ISE are playing ball.  They were, the auth passed.
    I then tick the Validate server certificate, make sure the CA (Windows AD) is in the Trusted Root Certification Authorities.  Retest and the client passes.
    If I then disconnect the wifi and reconnect, either manually or by doing a reboot, the next authentication fails, but nothing has changed.  ISE reports that my Windows client rejected the server certificate.  Which is odd as it just accepted it.
    If I untick the validate the client passes, if i tick it again it will authenticate fine, once.  The next connection it will fail again with the client rejecting ISE.
    Anyone got any ideas?

    I have had a similar issue consistently with 1.2 on both patch 5 and 6 (not sure about earlier one). Basically what I am seeing is the client rejecting the Server cert when validate is unticked. Most of the time the client connects just fine a few seconds later but some clients need a reboot to fix it. As a rule I put this down to client issue but not 100% sure sometimes.

  • Federation with wildcard cert

    Hi,
    We have multiple SIP domains, and I am trying to reduce the number of certificates needed.
    I use a wildcard cert for one of the domains for the Edge and reverse proxy.
    It works fine to connect from outside etc. But federation is not working.
    In the DNS SRV record _sipfederationtls._tcp.domain2.com I have put the address sip.domain2.com as hostname, but it's actually pointing to an address that has the wildcard cert for *.mydomain1.com
    Is there some way to make this work without buying many certs?

    Hi,
    It is not supported to use wildcard certificate for Edge Server external interface. You need a public SAN certificate to support federation. You can use wildcard certificate for Reverse Proxy.
    For more Server Roles which wildcard certificate can be used in Lync Server environment, you can refer to the link below:
    https://technet.microsoft.com/en-us/library/hh202161.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Does Convergence + messaging server 6.3 support wildcard cert ?

    Hi all,
    We plan to purchase a wildcard cert to support our convergence & messaging server SSL connection.
    from the messaging guide provide. it stated we need to generate individual private key & sent to vendor to verify
    what if we are using wildcard cert, do it work in this case ?
    Cheer
    ubd

    ubd wrote:
    > So means i generate 1 wildcard cert, then apply to all other server ssl connection, or i need to generate individually
    To use the same CA signed certificate (wildcard or otherwise) with multiple applications (Application Server and Messaging Server in this case) requires that the same private key be used across the applications. To this end you will need to export/import the certificate/keys between the applications using a utility such as pk12util.
    http://docs.sun.com/app/docs/doc/819-3671/ablrh?a=view
    http://docs.sun.com/app/docs/doc/819-4428/bgbbf?a=view
    Regards,
    Shane.

  • Ironport email appliance : can i use a wildcard cert for TLS ?

    Hi all,
    We have 2 ironport C170 email appliances. I would like to use a wildcard SSL Cert from Digicert for TLS communication. I have 2 questions about it:
    1/ Is it possible to use a wildcard certificate on ironport?
    2/ Is there any known problem with wildcard certificates for TLS use?
    I found 2 (old) posts about that:
    https://supportforums.cisco.com/discussion/10479161/tls-support-wildcard-cert
    http://www.symantec.com/connect/forums/someone-wants-enforce-tls-us-and-use-wildcard-cert
    Does someone have experience with it?
    Thanks.

    My experience is that it works fine.
    If you have multiple domains, you have to make sure that the MX records point to the A record of the box you have certs for.
    eg. something like this:
    mx domain1.com  smtp.domain2.com
    mx domain2.com  smtp.domain2.com
    a smtp.domain2.com  x.x.x.x
