Wildcard certificates supported by ACE

We are considering the use of wildcard certificates for our environment. Is this supported by the ACE when using SSL offloading?
regards,
Sebastian

Be aware that certain mobile devices do not support them; I believe Windows Mobile 5.0 is one of them.

Similar Messages

  • Exchange 2007 Wildcard Certificate Supported in iPhone?

    Does the iphone support the use of a wildcard certificate?
    Our exchange infrastructure utilises a wildcard (*.companyname certificate) from godaddy. All the windows mobile 6.0 devices work fine however I know that windows mobile 5.0 did not support wildcard certificate, any help would be good.
    Thanks.

    I've manually installed the client based certificate on the iPhone (a wildcard from Network Solutions), no dice.
    Going to try using the server's cert this time...

  • Edge 2013 External Wildcard Certificate

    Hi,
    I know this has been covered a number of times but I'd like something that's been posted more recently.
    We use Lync 2013 with a wildcard certificate on our edge external interface.  Everything works as expected and that's on version 5.0.8308.556
    I've recently deployed Lync 2013 at a customer site and when applying the certificate I'm unable to sign on externally or contact federated partners.  They're running 5.0.8308.577
    When testing from Lync connectivity tester I get the following:
    Attempting to resolve the host name blah.co.uk in DNS.
    The host name resolved successfully.
    Additional Details
    Testing TCP port 443 on host blah.co.uk to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
    Additional Details
    Elapsed Time: 758 ms.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server blah.co.uk on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Validating the certificate name.
    The certificate name was validated successfully.
    Additional Details
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.blah.co.uk, OU=Domain Control Validated.
    One or more certificate chains were constructed successfully.
    Additional Details
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
    Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    Elapsed Time: 4 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
    Additional Details
    The certificate is valid. NotBefore = 10/25/2013 2:46:03 PM, NotAfter = 10/25/2016 1:42:28 PM
    Elapsed Time: 0 ms.
    Testing remote connectivity for user [email protected] to the Microsoft Lync server.
    Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
    Additional Details
    Couldn't sign in. Error: Error Message: Unknown error (0x80131500).
    Error Type: TlsFailureException.
    Elapsed Time: 1649 ms.
    Any help would be much appreciated!
    Thanks

    Hi,
    Wildcard certificates are not supported for the Edge server (both external and internal interfaces). It is supported to use a public certificate for the Edge external interface; for the Edge internal interface, typically use a private certificate issued by an internal certification authority.
    More details about certificate requirements for external user access:
    http://technet.microsoft.com/en-us/library/gg398920.aspx
    You can refer to the link below of “Wildcard Certificate Support”:
    http://technet.microsoft.com/en-us/library/hh202161.aspx
    Here is a similar case that may help you:
    http://social.technet.microsoft.com/Forums/lync/en-US/6bd237eb-2e96-437b-b559-54cf95230417/lync-server-2013-edge-unknown-error-0x80131500-tlsfailureexception?forum=lyncdeploy
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Does the iphone support the use of a wildcard certificate?

    Does the iphone support the use of a wildcard certificate?
    Our exchange infrastructure utilises a wildcard (*.companyname certificate) from Godaddy.
    - Connects fine and authenticates
    - Can manually sync and pull emails
    - Can Send and Delete emails
    However server is not establishing the activesync connection and ping so mail can be pushed to the device.
    My guess is it's a problem with the wildcard certificate that is used. WM5.0 devices didn't work with it; does anyone know if the iPhone supports this?
    - I can get to OWA fine which uses the same wildcard cert.
    - WM6.0 devices push mail fine.
    Thanks.

    kfc01,
    The iPhone Deployment Guide (linked from http://www.apple.com/support/iphone/enterprise) says it does for VPN.
    Hope this helps,
    Nathan C.

  • Does ISE support wildcard certificates?

    Hello guys,
    My customer doesn't have a CA, but instead has wildcard certificates.
    I will implement ISE in 3 different locations (each location independent and with all ISE services). I haven't looked in depth at wildcard certs, but does ISE support this type of certificate? The certs I need are only so that corporate users are not shown the SSL cert error when accessing ISE portals.
    If wildcard certificates are supported, will every independent site need to create a separate CSR?
    Thanks!
    Emilio

    Support for Universal Certificates:
    Cisco ISE, Release 1.2 supports the use of wildcard server certificates for HTTPS (web-based services)
    and EAP protocols that use SSL/TLS tunneling. With the use of universal certificates, you no longer have
    to generate a unique certificate for each Cisco ISE node. Also, you no longer have to populate the SAN
    field with multiple FQDN values to prevent certificate warnings. Using an asterisk (*) in the SAN field
    allows you to share a single certificate across multiple nodes in a deployment and helps prevent
    certificate-name mismatch warnings.
    For more information, refer to the Cisco Identity Services Engine User Guide, Release 1.2. Kindly find the attached PDF for your clarification ISE 1.2 supports wildcard certificates. Even I had highlighted the same on page 14.

  • Installing wildcard certificate in a WLC (ver 7.0.240 and 7.5.102)

    Is it possible to install a wildcard certificate for web auth in those versions?
    Is there any difference between these two versions?
    Do both of these versions support wildcard certificates?
    Here is the log file resulting from installing the wildcard certificate in the WLC with v 7.0.240.
    *TransferTask: Nov 28 11:20:51.117: Memory overcommit policy changed from 0 to 1
    *TransferTask: Nov 28 11:20:51.319: Delete ramdisk for ap bunble
    *TransferTask: Nov 28 11:20:51.432: RESULT_STRING: TFTP Webauth cert transfer starting.
    *TransferTask: Nov 28 11:20:51.432: RESULT_CODE:1
    *TransferTask: Nov 28 11:20:55.434: Locking tftp semaphore, pHost=10.16.50.63 pFilename=/wild2013_priv.pem
    *TransferTask: Nov 28 11:20:55.516: Semaphore locked, now unlocking, pHost=10.16.50.63 pFilename=/wild2013_priv.pem
    *TransferTask: Nov 28 11:20:55.516: Semaphore successfully unlocked, pHost=10.16.50.63 pFilename=/wild2013_priv.pem
    *TransferTask: Nov 28 11:20:55.517: TFTP: Binding to local=0.0.0.0 remote=10.16.50.63
    *TransferTask: Nov 28 11:20:55.588: TFP End: 1666 bytes transferred (0 retransmitted packets)
    *TransferTask: Nov 28 11:20:55.589: tftp rc=0, pHost=10.16.50.63 pFilename=/wild2013_priv.pem
         pLocalFilename=cert.p12
    *TransferTask: Nov 28 11:20:55.589: RESULT_STRING: TFTP receive complete... Installing Certificate.
    *TransferTask: Nov 28 11:20:55.589: RESULT_CODE:13
    *TransferTask: Nov 28 11:20:59.590: Adding cert (5 bytes) with certificate key password.
    *TransferTask: Nov 28 11:20:59.590: RESULT_STRING: Error installing certificate.
    *TransferTask: Nov 28 11:20:59.591: RESULT_CODE:12
    *TransferTask: Nov 28 11:20:59.591: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application
    *TransferTask: Nov 28 11:20:59.624: finished umounting
    *TransferTask: Nov 28 11:20:59.903: Create ramdisk for ap bunble
    *TransferTask: Nov 28 11:20:59.904: start to create c1240 primary image
    *TransferTask: Nov 28 11:21:01.322: start to create c1240 backup image
    *TransferTask: Nov 28 11:21:02.750: Success to create the c1240 image
    *TransferTask: Nov 28 11:21:02.933: Memory overcommit policy restored from 1 to 0
    (Cisco Controller) >
    Would I have the same results in wlc with  v 7.5.102?
    Thank you.

    Hi Pdero,
    Please check out these docs:
    https://supportforums.cisco.com/thread/2052662
    http://netboyers.wordpress.com/2012/03/06/wildcard-certs-for-wlc/
    https://supportforums.cisco.com/thread/2067781
    https://supportforums.cisco.com/thread/2024363
    https://supportforums.cisco.com/community/netpro/wireless-mobility/security-network-management/blog/2011/11/26/generate-csr-for-third-party-cert-and-download-unchained-cert-on-wireless-lan-controller-wlc
    Regards
    Don't forget to rate helpful posts.

  • I can't generate a CSR for a wildcard certificate

    I recently received a new Mac Mini OS X Server with the Server 2.2.1 app loaded.
    I cannot figure out how to create a CSR for a wildcard certificate.
    The wizard will not accept * in the input field.
    Can someone point me to the hard way of doing this?
    I need to secure every channel on the server with a wildcard SSL certificate.
    Thanks...

    Hi Gordon,
    You can use the command line to generate your wildcard CSR.
    1. Launch /Applications/Utilities/Terminal.app
    2. At the prompt, type the following command:
    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
    Replace yourdomain with the domain name you're securing. For example, if your domain name is coolexample.com, you would type coolexample.key and coolexample.csr.
    Common Name: The fully-qualified domain name, or URL, you're securing.
    If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
    See http://support.godaddy.com/help/article/5269/generating-a-certificate-signing-request-csr-apache-2x?pc_split_value=3
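
A non-interactive variant of the command in the answer above, as an added example that is not part of the original post: it puts the wildcard in both the CN and a subjectAltName entry, self-signs a throwaway test certificate, and uses `openssl x509 -checkhost` to show which host names `*.coolexample.com` covers. The file names, the scratch directory and the SAN layout are assumptions.

```shell
#!/bin/sh
# Added example: wildcard CSR without prompts, plus a name-coverage check.
set -eu
umask 077                                  # private key readable by owner only

DOMAIN="coolexample.com"                   # sample domain from the answer above
WORKDIR="$(mktemp -d)"                     # scratch directory (assumption)
trap 'rm -rf "$WORKDIR"' EXIT              # demo only: a real request keeps the key

# Request config: wildcard in the CN and in a subjectAltName entry (assumed layout).
write_config() {
    cat > "$WORKDIR/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = *.$DOMAIN
[v3_req]
subjectAltName = DNS:*.$DOMAIN
EOF
}

# Same key and CSR options as the command in the answer, driven by the config file.
make_wildcard_csr() {
    write_config
    openssl req -new -newkey rsa:2048 -nodes -config "$WORKDIR/req.cnf" \
        -keyout "$WORKDIR/$DOMAIN.key" -out "$WORKDIR/$DOMAIN.csr"
}

# List the DNS names the CSR actually asks for, so it can be checked before submission.
csr_sans() {
    openssl req -in "$WORKDIR/$DOMAIN.csr" -config "$WORKDIR/req.cnf" -noout -text \
        | grep -o 'DNS:[^,[:space:]]*'
}

# Self-sign a one-day certificate from the CSR, for local testing only.
self_sign_for_test() {
    openssl x509 -req -in "$WORKDIR/$DOMAIN.csr" -signkey "$WORKDIR/$DOMAIN.key" \
        -days 1 -extfile "$WORKDIR/req.cnf" -extensions v3_req \
        -out "$WORKDIR/$DOMAIN.crt"
}

# Succeed only if OpenSSL's host name check accepts $1 for the test certificate.
covers() {
    result="$(openssl x509 -in "$WORKDIR/$DOMAIN.crt" -noout -checkhost "$1" || true)"
    case "$result" in
        *"does match"*) return 0 ;;
        *) return 1 ;;
    esac
}

make_wildcard_csr
self_sign_for_test
csr_sans
# The wildcard stands for exactly one left-most label: the bare domain and
# deeper names are not covered and would need their own SAN entries.
for host in "www.$DOMAIN" "mail.$DOMAIN" "$DOMAIN" "a.b.$DOMAIN"; do
    if covers "$host"; then echo "covered:     $host"; else echo "NOT covered: $host"; fi
done
```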

  • Wildcard certificate in Outlook Anywhere

    I tried to fix our Outlook Anywhere a bit and set the certificate for my EXPR provider to "msstd:*.domain.com" (I use a *.domain.com certificate for Exchange). But after a restart all Outlook clients show the error: "There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site owa.domain.com. Outlook is unable to connect to the proxy server. (Error Code 0)".
    I set the EXPR provider to "msstd:owa.domain.com" (my Exchange server address) and all works fine now.
    Why could I not switch the certificate to the wildcard?

    Hi,
    If you have done the following changes:
    Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com
    Please follow Ed’s suggestion to make sure the wildcard certificate is assigned to the IIS service. We can run the following command to get more information about your certificates:
    Get-ExchangeCertificate | Select CertificateDomains,Services,Status
    If the wildcard certificate is not assigned to the IIS service, please use the Enable-ExchangeCertificate cmdlet and specify IIS services. Additionally, here is a related KB about this issue:
    http://support.microsoft.com/kb/923575
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Wildcard Certificate

    I'm trying to find out if it's possible to use a wildcard certificate on the Lync Edge server's External Interface. OR maybe a better question would be: if I use the wildcard, what will break? Like I've read the auto configuration will not work, etc. Looking to get away from having so many certs....

    Agreed it's not supported. From memory the Edge services don't start. Having said that, yes, you can try it and if it doesn't work, simply assign the correct certs without issue. You shouldn't have any issues with changing certs.
    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
    Georg Thomas | Lync MVP
    Blog www.lynced.com.au | Twitter
    @georgathomas
    Lync Edge Port Check (Beta)
    This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • WLC 5508 - 7.5.102.0 - Wildcard Certificates

    Does this controller/firmware support the use of a wildcard certificate? I'm using GoDaddy as our public CA.

    Yes, it does support.
    You may visit the below listed URL while generating the CSR or installing the certificates.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • ADF Mobile: Handling wildcard certificates by GeoTrust

    Hello.
    We have developed an application with ADF Mobile and seem to be stuck at the SSL certificate for our webservice.
    We have lists of items that are filled by a java method connecting to a REST webservice. This service is secured by a wildcard certificate rather than a normal one.
    Can it be that ADF Mobile's JVM can't handle the wildcard certificates? I get the error
    javax.microedition.pki.certificateException: Certificate was issued by an unrecognized entity.
    Our certificate was issued by GeoTrust and is valid until 2015. It shouldn't be an "unrecognized entity" then right?
    Thanks for any help!
    Pascal

    Okay so these two things give me big trouble:
    First, the JVM (J2ME Spec) doesn't include any API's to disable SSL verification as can be found here:
    Re: How to Trust All SSL Certificates? (Disable Validation)
    Also The RestServiceAdapter probably uses HttpConnection class which doesn't support wildcard SSL certs. The problem is known as can be read here:
    http://www.sslshopper.com/article-wildcard-ssl-certificate-pros-and-cons.html
    So...if the backend uses a wildcard cert and this can't be changed and the webservice has to be secured, adf mobile is no good :(

  • Ramifications of assigning a wildcard certificate to the SMTP service (needed for Exchange 2010 Hybrid Configuration - Office 365)

    Hello All:
    I am receiving an error when I run the Manage Hybrid Configuration wizard - ERROR:Updating hybrid configuration failed with error 'Subtask NeedsConfiguration execution failed: Configure Recipient Settings. I have opened a SR, but figured I'd try the forums, too. I have a wildcard certificate from GoDaddy (MS says they support wildcards from GoDaddy) & that cert has only the IIS service applied to it on the CAS. I've read in the Exchange Server Deployment Assistant that it should have the SMTP & IIS services assigned to it, but my question is - SMTP on the CAS (separate server) or on the Mailbox/Hub Transport (separate server)? And what are the ramifications of assigning the SMTP service to, let's say, the CAS? We have had multiple issues every time the servers get updated/changed; I do not want to disrupt services further, as the Manage Hybrid Configuration will be done during business hours.
    If anyone can provide any assistance/clarification, it would be most appreciated.
    Thank you.

    Hi,
    We can enable a wildcard certificate with the SMTP service for an Exchange Hybrid deployment. The SMTP service can be assigned to multiple certificates. Some Exchange services, such as OWA, ECP, ActiveSync, Autodiscover and OOF, use the Exchange certificate assigned to the IIS service, and there is usually only one certificate that can be assigned to the IIS service.
    Please just make sure your wildcard certificate contains all namespaces which are used for all internal URL and external URL configuration in Exchange services. For how to import an existing wildcard certificate on the Exchange 2010 Hybrid servers, please refer to the "Import & Enable Third Party Certificate on Hybrid Servers" part in the following article:
    http://www.msexchange.org/articles-tutorials/office-365/exchange-online/configuring-exchange-hybrid-deployment-migrating-to-office-365-exchange-online-part9.html
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Using wildcard certificate

    Hi, I have a wildcard certificate, *.contoso.com, with no SAN description. I use this certificate for all web servers. Is it possible to use this certificate to connect mobile users to Lync 2013?
    Thanks
    Bruno
    Bruno Ausiello

    Hi,
    Wildcard entries are supported for the Simple URLs (meet, dialin, etc) but you cannot use them for anything else including the external web services FQDNs. So the wildcard certificate can reduce the cost of certificates placed on reverse proxy servers to publish the various external Simple URLs, but still you need a SAN certificate to publish other SANs such as external web services FQDN.
    More details:
    https://technet.microsoft.com/en-us/library/jj205381.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • ACS Wildcard Certificate Install for PEAP

    Does ACS support Wildcard certificate authentication, such as *.domain.com?  We installed the certificate through ACS using CA, but when using wireless devices, the certificate is still not verified.  Any information would be helpful before we go and purchase another certificate.  Thank you.

    Can someone validate whether wildcard certs are supported with ACS and PEAP, please.  I'm running into the same issue that Jason outlines above.  It seems that Windows clients specifically don't like the wildcard cert. I have tried with Mac and iPhone and they seem to work if you accept the cert into the keychain on first connect.

  • GoDaddy wildcard certificate on Lion

    I have purchased a wildcard certificate from GoDaddy.com to cover our domain.  I have the certificate along with the GoDaddy intermediate certificate installed on our Lion server.  The server allows me to use the certificate for all of the services except Web.  If I choose the wildcard certificate for web, save the change and then go back in, the certificate is set to none.  Does anyone know if the Lion Web server can use a wildcard certificate, or is this something specific to GoDaddy?
    Thanks
    Mark

    http://support.godaddy.com/help/topic/186
