Wildcard SSL certificates

Hi, I was wondering if someone got CSS1150X with SSL accelerator working with a wildcard SSL certificate. We have 10+ sites we would like to enable SSL on and figured wildcard certificates are the way to go based on the cost. Especially since most of the wildcard certificates come with the limitation of being able to install them on only one physical machine. I assume CSS would be considered one physical machine if SSL traffic is terminated on the CSS; however, I wanted to find out whether a wildcard SSL certificate is supported on CSS. We are using CSS11503 and, depending on whether it supports wildcard certificates, we are planning on purchasing an SSL accelerator.

Thanks for the information, Gilles. Looking at the pricing structure of SSL certificates, I wonder why wildcard certs aren't widely used as one would expect based on the cost. Well, I guess I will find out when I implement one. Thanks again.

Similar Messages

  • Can't install a wildcard SSL certificate

    Running ML Server. I have a GoDaddy issued wildcard SSL certificate to *.mydomain.com. The certificate is currently installed on a different (non-Mac OS) server. I am able to cut and paste the main certificate, private key and other chain certificates from that server's interface and paste into a text file using TextWrangler. On the OS X server I deleted all of the old certificates in KeyChain (this server had an old wildcard version of the certificate before), deleted the old wildcard cert in Server.app and deleted the corresponding files in /etc/certificates
    I then created a new self-signed certificate for *.mydomain.com in Server.app, then selected it, went to Manage Certificates and tried to update the self-signed certificate with the signed certificate using the Server.app interface. The interface enables you to drag and drop certificate and chain files to add.
    However, this is where it gets strange...
    The first time I drag the certificate file to the interface, I get the green + symbol, let go and nothing happens. If I do it again, the interface lights up green again, but this time it adds it to the Non-identity certificate list. I am able to replicate this every time!
    Why does the interface show me the first time that I can drag the file, but does nothing, and then the second time adds it as a non-identity certificate? Same behavior happens if I start with the chain certificate as well.
    I can confirm that the four certificate files show up in /etc/certificates, but they appear to be generated by the self-signed certificate creation.
    Any insights appreciated! TAA

    In fact I had the same issue last week and I could only solve it by exporting the key with the certificate in a PKCS12 file. Fortunately this is supported by the Windows certificate manager where the certificate was originally installed.
    You could take your key and certificate files and merge them into a PKCS12 file using openssl (go to terminal, it is installed on an OSX box) and fire the following command (and change the filenames ;-)):
    openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out openssl_key_crt.p12 -name openssl_key_crt
    The openssl tool requests a passphrase for the created file that you will need to provide again when the key is imported into the keychain.
    Good luck with it

  • Wildcard SSL Certificates with MFE?

    Is anyone using a wildcard SSL certificate on their mail server when using Mail for Exchange on assorted Nokia E Series mobiles please?
    We currently use a straight SSL cert and MFE works with no problem, however I've been looking into getting a single wildcard SSL certificate for our domain.
    Before doing anything I figured I'd try a website that used a wildcard certificate.
    When I did this (using an E51) I got the message "Website has sent a certificate with a different website name than requested" and was prompted to accept once, permanently, or don't accept.
    My question is whether this message would come up in a clear/obvious manner when using Mail For Exchange on a Nokia (so I can tell our users what to do when it does), and whether anyone has encountered issues using a wildcard with Nokias when using Mail for Exchange.
    If anyone has an E-Series and is using a Wildcard cert can you let me know if you've encountered any issues please?
    Thanks.

    This is an interesting question. I look forward to testing this myself.
    What kind of cert & website did you use in your own tests? Was the cert something like *.example.com? And the domain, was it https://something.example.com or https://example.com ? AFAIK a wildcard doesn't match addresses consisting of the domain part only, so the latter one might not work.
    Help spreading the knowledge — If you find my answer useful, please mark your question as Solved by selecting Accept this solution from the Options menu. Thank you!

  • Wildcard * SSL Certificates for TTA??

    Is there any way I can use a wildcard SSL certificate like:
    *.mycompany.com
    in my TTA server?
    I was able to run all the cert commands successfully using the
    *.mycompany.com cert:
    Generated the CSR (tarantella security certrequest)
    Installed the Cert File (tarantella security certuse)
    Installed the Chained CA cert (tarantella security customca)
    Review/validate certinfo (tarantella security certinfo)
    The TTA-installed Apache webserver was fine with the wildcard certificate
    since I was able to goto:
    https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
    But after I went to:
    https://subdomain.mycompany.com/tarantella/
    I got the following errors in my Java Console:
    Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
    server...
    Secure Global Desktop 4.10.903: Using secure connection to
    Secure Global Desktop server subdomain.mycompany.com:443
    Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
    for this Secure Global Desktop server (subdomain.mycompany.com) due to name
    mismatch.
    Secure Global Desktop 4.10.903: Client dropping connection.
    Secure Global Desktop 4.10.903: Unable to connect: Certificate
    (*.mycompany.com) not accepted for this Secure Global Desktop server
    (subdomain.mycompany.com) due to name mismatch.
    Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
    Is there a way that I can get the applet to do a regex-ish match on the name
    for wildcard certs?
    Cyrus

    Hi Cyrus
    I was loosely referring to PKI rules e.g.
    http://www.ietf.org/proceedings/98mar/98mar-edited-110.htm
    http://www.iihe.ac.be/internal-report/1997/stc-97-19.html
    Wildcarding isn't supported. I understand what you are trying to do now
    but it won't work because the software is looking for a certificate
    matching a single server.
    The certrequest command is just a wrapper script for openssl so it won't
    stop you doing anything the openssl command believes may be valid. You don't
    actually need to use this command it's just there for convenience, you
    could do everything just using openssl.
    The current documentation doesn't explicitly state that you can't use
    wildcards in certificates but it does say you need a certificate for a
    SGD server. My understanding of the wildcard issue is that it is up to
    a particular application to decide what is appropriate.
    http://www.tarantella.com/support/documentation/sgd/ee/4.1/help/en-us/tsp/gettingstarted/whatare_certs.html
    Regards
    Barrie
    On 2005-08-15, Cyrus Mehta <[email protected]> wrote:
    May I inquire as to where these rules are listed regarding SSL Certs, I
    didn't see anything to the effect in the documentation. Also why weren't
    the rules enforced at certificate generation time. Even the validation
    command (tarantella security certinfo) had no problems.
    The CSR generation/signing went through flawlessly and created a wildcard
    cert that Apache could use. It's one thing if the whole cert process
    couldn't handle a wildcard, but it seems like everything would have worked
    if only the applet accepted a wildcard regex match.
    Regards,
    Cyrus
    barrie wrote:
    Hi Cyrus
    No, sorry. The rules say you can't do that. You are required to have a
    certificate for a node not a network.
    Regards
    Barrie
    On 2005-08-05, CM <[email protected]> wrote:
    Is there any way I can use a wildcard SSL certificate like:
    *.mycompany.com
    in my TTA server?
    I was able to run all the cert commands successfully using the
    *.mycompany.com cert:
    Generated the CSR (tarantella security certrequest)
    Installed the Cert File (tarantella security certuse)
    Installed the Chained CA cert (tarantella security customca)
    Review/validate certinfo (tarantella security certinfo)
    The TTA-installed Apache webserver was fine with the wildcard certificate
    since I was able to goto:
    https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
    But after I went to:
    https://subdomain.mycompany.com/tarantella/
    I got the following errors in my Java Console:
    Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
    server...
    Secure Global Desktop 4.10.903: Using secure connection to
    Secure Global Desktop server subdomain.mycompany.com:443
    Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
    for this Secure Global Desktop server (subdomain.mycompany.com) due to
    name
    mismatch.
    Secure Global Desktop 4.10.903: Client dropping connection.
    Secure Global Desktop 4.10.903: Unable to connect: Certificate
    (*.mycompany.com) not accepted for this Secure Global Desktop server
    (subdomain.mycompany.com) due to name mismatch.
    Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
    Is there a way that I can get the applet to do a regex-ish match on the name
    for wildcard certs?
    Cyrus

  • SA520 Wildcard SSL Certificate?

    I have a wildcard SSL certificate for our domain from RapidSSL. I installed the intermediary certificates fine but I can't get the actual cert to install. I get the message "Can't Upload Invalid Self Certificate" message. Has anyone else ever successfully used a wildcard cert with an SA?

    Hello Mr. Williamson,
    In order to get a new SSL certificate please follow the next instructions:
    STEP 1 : Click Administration > Authentication.
    The Authentication (Certificates) window opens.
    STEP 2 For each type of certificate, perform the following actions, as needed:
    • To add a certificate, click Upload. You can upload the certificate from the PC
    or the USB device. Click Browse, find and select the certificate, and then
    click Upload.
    • To delete a certificate, check the box to select the certificate, and then click
    Delete.
    • To download the router’s certificate (.pem file), click the Download button
    under the Download Settings area.
    STEP 3 To request a certificate from the CA, click Generate CSR.
    The Generate Certification Signing Request window opens.
    a. Enter the distinguished name information in the Generate Self Certificate
    Request fields.
    • Name: Unique name used to identify a certificate.
    • Subject: Name of the certificate holder (owner). The subject field populates
    the CN (Common Name) entry of the generated certificate and can contain
    these fields:
    - CN=Common Name
    - O=Organization
    - OU=Organizational unit
    - L= Locality
    - ST= State
    - C=Country
    For example: CN=router1, OU=my_dept, O=my_company, L=SFO, C=US
    Whatever name you choose will appear in the subject line of the generated
    CSR. To include more than one subject field, enter each subject separated
    by a comma. For example: CN=hostname.domain.com, ST=CA, C=USA
    • Hash Algorithm: Algorithm used by the certificate. Choose between MD5
    and SHA-1
    • Signature Algorithm: Algorithm (RSA) used to sign the certificate.
    • Signature Key Length: Length of the signature, either 512 or 1024.
    • (Optional) IP Address, Domain Name, and Email Address
    b. Click Generate.
    A new certificate request is created and added to the Certification Signing
    Request (CSR) table. To view the request, click the View button next to the
    certificate you just created.
    Or you could check it on the next link. Please check page 191.
    http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911404.pdf
    Hope you find this answer useful. If it was satisfactory for you, please mark the question as Answered.
    Thank you

  • Cisco ASA 5585-X SSP-20 SSL wildcard SSL certificate support ?

    Hello
    I want to verify if Cisco ASA 5585-X SSP-20 supports Wildcard SSL's.
    Cheers

    Supports them how?
    As certificates issued to the ASA and properly bound to its interfaces to support SSL VPN or ASDM access - yes.
    You can configure a wildcard (or any other) certificate improperly and cause things not to work. However it's not a limitation of the device's operating system not supporting it.

  • Nexus 7000 SSL wildcard SSL certificate support ?

    Hello
    I want to verify if Nexus 7000 supports Wildcard SSL's.
    Cheers

    I have the same problem on a 5515-X, and I've tried pretty much the same things. The weird thing for me is that everything worked great until I did an OS upgrade. Back on 8.6.1, my browser successfully verified the certificate on my SSL VPN login page, and AnyConnect never brought up any warning boxes. But after I upgraded to 9.1.3, the box was back to using a self-signed cert. The wildcard identity certificate seems to have just disappeared, though the GoDaddy CA cert and my local CA cert both stayed intact.
    I've used OpenSSL to convert and verify my cert file in a number of different ways, but all of my supposedly valid files still get the import operation failed message. So it seems like there was some OS change that suddenly made my wildcard incompatible, but I haven't figured out what it is yet.
    Hope this helps, for both our sakes.

  • URL problems with SQL Server Reporting Services 2012 with wildcard SSL certificate

    Hi,
    I have single server, domain member, with SQL Server 2012 SP1 Reporting Services.
    I am trying to get work with url: https://reports.mydomain.com
    I have valid wildcard certificate (*.mydomain.com) implemented and configured URLs in Configuration Manager.
    https://reports.mydomain.com/ReportServer - works fine
    https://reports.3pro.hr/Reports/ - I got error:
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    In rsreportserver.config I have:
    <Add Key="SecureConnectionLevel" Value="2"/>
    When looking my ReportServerService_date.log file I have something like:
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server internal url https://localhost:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using report server external url https://serverhostname:443/ReportServer.
    configmanager!DefaultDomain!3f4c!03/10/2013-20:24:34:: i INFO: Using url root https://reports.mydomain.com/ReportServer.
    Also, error shown in log file:
    appdomainmanager!ReportManager_0-2!4c50!03/10/2013-20:24:53:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2010.asmx.
    ui!ReportManager_0-2!4c50!03/10/2013-20:24:54:: e ERROR: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException:
    The remote certificate is invalid according to the validation procedure.
    Btw, is there a way to delete/disable access using https://localhost and/or servername (not FQDN) since SSL will not work in this way for me, and I want access only by full url - https://reports.mydomain.com , not localhost ..
    -- Hrvoje Kusulja

    I spent one of my 4 free support incidents with Microsoft (part of MSDN subscription) this year to get this investigated. The tech support person helped me through several issues but had to leave to attend some training, and I got past the last hurdle before she called me back. Here are the steps that resolved this issue for me. I know for sure that step 5 was necessary. Step 1 may not apply to you, and steps 2-4 may or may not have been necessary (they didn't immediately fix the issue, but I didn't roll them back either so they may have been necessary.)
    Step 1:
    Ensure you are editing the correct rsreportserver.config file. I had been making changes to a file that was installed in C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\WebServices\Reporting, but that was a rsreportserver.config file for some sharepoint integration that I'm not using. The correct path on my system was E:\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config, but yours may vary. If you can't figure it out, look in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSRS11.MSSQLSERVER\Setup in the key named SQLPath, and then go to the ReportServer subdirectory of that path.
    Step 2:
    In rsreportserver.config, ensure that SecureConnectionLevel is set to the value 3. Was set to 0 in my configuration. Corrected line in your rsreportserver.config file should look like:
    <Add Key="SecureConnectionLevel" Value="3"/>
    Step 3:
    In rsreportserver.config, add the correct value to the <URLRoot> element (which already exists in the file.) In my configuration, this value was blank. The value should be the fully qualified path to your report server, with a hostname that is valid for your certificate. For example, if my cert matches *.mydomain.local:
    <UrlRoot>
    https://myserver.mydomain.local/ReportServer
    </UrlRoot>
    Step 4:
    Ensure that your certificate exists in Trusted Root Certification Authorities in certmgr for the local machine. I had the certificate installed as a Personal certificate for the local machine, which I still think was correct (the certificate wasn't actually the problem and worked correctly for Report Server, and the failure was caused by SSRS incorrectly making a https request to a localhost URL), but she had me remove the certificate from Personal and add it to Trusted Root Certificate Authorities. That broke things and the cert was no longer listed as a cert I could bind to, so we then copied it so it existed in both Personal and Trusted Root Certificate Authorities. This is how I left it, not sure if that was necessary.
    Step 5:
    This was the fix that finally got things to work. In rsreportserver.config, add the same value to the <ReportServerUrl> element (which also already exists in the file) that you added in step 3. In my configuration, this value was also blank. The corrected value should be the same as in step 3, for example:
    <ReportServerUrl>
    https://myserver.mydomain.local/ReportServer
    </ReportServerUrl>
    Then restart your report server (stop & then start in Report Server Configuration Manager), and the problem should go away. At least it did for me.
    Good luck!

  • New Wildcard SSL certificate

    Guys,
    We had a certificate expire on our CAS servers that was used for webmail, autodiscover etc. We had purchased a wildcard cert for use on the newly installed ADFS servers for our migration to Office 365. Rather than renew the original SAN cert, I imported the wildcard cert into CAS (same domain name), bound the cert in IIS, then completed an IISRESET. Launched Outlook again, it prompted to accept the new wildcard cert. I accepted it. Logged out of Outlook, launched again, prompted again for certificate. I then installed the certificate via the prompts in Outlook. Yet each time I launch Outlook, it is still asking to accept certificate. Any thoughts?

    Guys,
    Thanks for the suggestions, but here is the fix.
    I finally received a call from MSFT in regards to the certificate popup in Outlook. From what I had written earlier, I was on the right track, but it was ultimately an autodiscover issue.
    For this conversation, my client’s domain name is Domain.com
    FQDN names of the CAS servers are CAS01.nyc.domain.com / CAS02.nyc.domain.com
    Now, all the steps that were completed, importing the *.domain.com cert into Exchange via EMC, and importing the cert using Certificate manager snap-in were successful. I was curious if the *.domain.com would cover a server's name if the server name was like my client, CAS01.nyc.domain.com. Typically it’s just CAS01.Domain.com. You would think so, but I was not totally convinced. MSFT did say that it is fine for the server, but the AutodiscoverInternalURL CAS01.nyc.domain.com was the underlying problem. Once the Outlook client tried to log in, it used the AutodiscoverInternalURL, which was shown to be
    https://CAS01.nyc.Autodiscover.domain.com/Autodiscover/Autodiscover.xml . Same for CAS02
    So we ran the command below which removed the nyc,
    Set-ClientAccessServer -Identity CAS01 -AutoDiscoverServiceInternalUri https://CAS01.autodiscover.domain.com/autodiscover/autodiscover.xml
    Same for CAS02. Completed an IISRESET, all better now…….

  • Wildcard ssl

    So our company has a Wildcard SSL Certificate that we use for most of our websites, and I've just set up a new 10.8 server for the use of profile manager. I've added our Wildcard SSL certificate to the system's keychain and trusted it but for the life of me I can't get the SSL Cert to take. I see it listed in the Server manager and select it and save the changes, but then I open up the SSL Cert again and there is nothing selected.
    Any ideas?
    Thanks in advance.

    So in server app go to
    Hardware>Settings then click edit beside SSL certificate
    Click manage certs and hit the + and create certificate identity
    On the first page of the wizard you want to check "override defaults". Step through the rest of the wizard (pretty straightforward) until you get to the Subject Alternate Name extension. In the dNSName you want to enter *.mydomain.com. Finish the wizard and allow it access to your keychain.
    Then use that cert and "generate certificate signing request (CSR)" and use that to create your SSL. Download your certs. Go back into server app
    Hardware>Settings then click edit beside SSL certificate
    Select the cert you made and click on the gear "Replace Certificate with signed or renewed Cert" and drag in your server.mydomain.com.crt cert (the one you downloaded).
    Next open up keychain access app and select:
    System
    Certificates
    then drag in the intermediate cert (need to enter your local admin password)
    That should link your cert up
    Let me know if that makes sense

  • Wildcard SSL Server 3.2.1

    I purchased a wildcard SSL certificate from Go Daddy. My public website is hosted by go daddy (www.example.com). I have a server (OS X 10.9.5, Server 3.2.1) in the office to handle printer, file sharing, profile manager, etc. (server.example.com) I want to assign an SSL for the server, and the public website on go daddy. I cannot however enter *.example.com in the host name field on the Get a Trusted Certificate dialog. If I allow it to use server.example as the host name, when I paste the CSR into Go Daddy's site, it of course gives me the error that the CSR is only for a sub domain, not a wildcard.
    Can anyone help me? I want to use the Wildcard to secure example.com as well as server.example.com and any other subdomain...

    You can't do that through the Server app.
    Generating a Certificate Signing Request (CSR) - Apache 2.x | GoDaddy Help

  • Install GoDaddy wildcard SSL on WLC 2504 controller

    I'm attempting to install a GoDaddy wildcard ssl certificate onto a WLC 2504 running version 7.4.100.0.
    I am getting the error "#SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4055 Cannot PEM decode private key" when downloading the .pem file to the controller.
    What I have attempted to do was to export the certificate from a Windows 2008 R2 server into a .pfx file. The file contained the private key and all possible root certificates (in this case a root and an intermediate cert). Now I took this .pfx file and attempted to create a .pem file with openssl using the following command: openssl pkcs12 -in myssl.pfx -out mynewssl.pem -passin pass:mypassword -passout pass:mypassword
    Now I have opened the .pem file and verified it does contain the private key and the three certificates (wildcard, intermediate and root).

    Seth,
    I had a similar problem, and saw the solution in another post on this forum.  I am cross-posting this to help anyone else out there who might be searching for this answer.
    Kudos to Robert Wells for finding this:
    "I have it fixed now. The problem was the cisco only supports openssl 0.9.8x. I was using 1.0.1c. I used 0.9.8x and it worked perfectly fine."
    The Windows version of OpenSSL I used was the 0.9.8y Light version from:
    http://slproweb.com/download/Win32OpenSSL_Light-0_9_8y.exe
    I hope this helps someone out there with this problem.
       - Ken

  • Installing SSL certificate Windows Server 2012R2 RDSH servers

    Hello,
    I'm currently in the final phase of installing a functional Remote Desktop (Windows Server 2012R2) environment. The only problem I have, which I have been trying to complete for several days now without any luck, is the installation of our WildCard SSL certificate on the Remote Desktop Session Host servers (farm).
    We have 1 gateway server which is also the connection broker. On this server I have installed (using the Deployment Properties of the Session Collection) the certificate on all available levels. But still, when I try to connect to our Remote Desktop Servers I get the automatically created certificate from the Remote Desktop Session Host servers. The certificate works for all the other functions (gateway etc.)
    The servers are joined to the domain, and the wildcard certificate = *.zon-ict.nl.
    Below the screenshot of the deployment settings.
    Can someone point me in the right direction for installing the certificate on the RDSH servers?

    Hi,
    Thank you for posting in Windows Server Forum.
    Basic requirements for Remote Desktop certificates:
    1. The certificate is installed into computer’s “Personal” certificate store. 
    2. The certificate has a corresponding private key. 
    3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
    Please follow beneath article for details.
    Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
    http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Is it possible to use single ssl certificate for multiple server farm with different FQDN?

    Hi
    We generated the CSR request for VeriSign Secure Site Pro certificate
    SSL Certificate for cn=abc.com considering abc.com as our major domain. Now we have servers in this domain like www.abc.com, a.abc.com, b.abc.com etc. We installed the VeriSign certificate and configured ACE-20 accordingly for ssl-proxy and we will use the same certificate generated for abc.com for all servers like www.abc.com, a.abc.com, b.abc.com etc. Now when we are trying to access https://www.abc.com or https://a.abc.com through Mozilla, we are able to access the service but we are getting this message in certificate status "you are connected to abc.com which is run by unknown"
    And the same message when trying to access https://www.abc.com from Google Chrome.
    "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
    So I know that, as this certificate is for cn=abc.com, that is why we are getting such errors/status in the SSL certificate.
    Now my question is
    1. Is it possible to remove the above errors by doing some SSL configuration on ACE?
    2. OR do we have to go for a VeriSign Wildcard Secure Site Pro Certificate for a CSR generated using cn=abc.com to be installed on ACE and used for all servers like www.abc.com, a.abc.com etc.?
    Thanks
    Waliullah

    If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate. Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate. And right now it won't because your certificate is for abc.com. You need a wildcard cert that will be for something like *.abc.com.
    Hope this helps,
    Sean
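The name-matching rule behind several threads on this page (the apex-domain question in the Nokia reply, the RemoteCertificateNameMismatch on https://localhost in the SSRS thread, and the abc.com versus www.abc.com warning above), written out as an added example that is not code from any poster or vendor. It follows the usual RFC 6125 reading of wildcards; the function names are illustrative, the sample names are constructed from those threads, and a product may apply stricter rules, as the SGD applet in the TTA thread does.

```python
"""Added example: RFC 6125-style matching of certificate DNS names.

Function names are illustrative; the sample names are constructed from
the hostnames used in the threads on this page.
"""
import ipaddress


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def name_matches(pattern, host):
    """True if one certificate dNSName `pattern` covers `host`."""
    if _is_ip(host):
        # IP literals are checked against iPAddress SANs, never DNS names.
        return False
    p, h = _labels(pattern), _labels(host)
    if "" in p or "" in h:
        return False  # empty label, e.g. "www..abc.com"
    if "*" not in pattern:
        return p == h
    # The wildcard must be the whole left-most label, and at least two
    # fixed labels must follow it (so "*.com" never matches anything).
    if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
        return False
    # "*" stands for exactly one label: same depth, same parent domain.
    return len(h) == len(p) and h[1:] == p[1:]


def cert_covers(host, san_dns=(), common_name=None):
    """SAN dNSName entries win; the CN is consulted only if there are none."""
    if san_dns:
        names = list(san_dns)
    else:
        names = [common_name] if common_name else []
    return any(name_matches(n, host) for n in names)


# (pattern, host, expected) -- constructed from the threads on this page.
CASES = [
    ("*.mycompany.com", "subdomain.mycompany.com", True),   # TTA thread
    ("*.example.com", "example.com", False),                 # apex not covered
    ("abc.com", "www.abc.com", False),                       # ACE thread
    ("*.abc.com", "www.abc.com", True),
    ("*.abc.com", "a.b.abc.com", False),                     # one label only
    ("*.mydomain.com", "reports.mydomain.com", True),        # SSRS thread
    ("*.mydomain.com", "localhost", False),                  # SSRS internal URL
    ("*.ABC.com", "WWW.abc.COM", True),                      # case-insensitive
    ("w*.abc.com", "www.abc.com", False),                    # partial wildcard
    ("*.com", "abc.com", False),                             # too broad
]


def check_cases():
    """Return the cases whose result differs from the expected value."""
    return [(p, h) for p, h, want in CASES if name_matches(p, h) != want]


if __name__ == "__main__":
    for pattern, host, _ in CASES:
        verdict = "match" if name_matches(pattern, host) else "MISMATCH"
        print(f"{pattern:18} {host:26} {verdict}")
    # One certificate for the apex and its subdomains needs both names.
    both = ["*.abc.com", "abc.com"]
    print("abc.com     ->", cert_covers("abc.com", san_dns=both))
    print("www.abc.com ->", cert_covers("www.abc.com", san_dns=both))
```

A certificate meant to serve both example.com and its subdomains therefore has to carry two SAN entries, the wildcard and the bare domain.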

  • Error after SSL Certificate update

    I updated the SSL certificate on a Win2003 SP2 server with IIS6.0
    The initial certificate was a single URL certificate and is replaced by a wildcard one.
    After installing the certificate (and its CA chain) using the mmc I changed the certificate in IIS and configured the SSLBinding using "cscript.exe adsutil.vbs".
    The result is an SSL ERROR.
    The CA chain and the certificate are two CRT files.
    Here is the result of the "certutil.exe -store my" command :
    C:\Documents and Settings\Administrateur.W2K79>certutil -store my
    ================ Certificat 0 ================
    Numéro de série : 4899717f3b1ba89dedb7c472d575cb01
    Émetteur: CN=Thawte SSL CA, O=Thawte, Inc., C=US
    Objet: CN=*.bourgenbresse.fr, OU=Collectivite, O=COMMUNE DE BOURG EN BRESSE, L=B
    OURG EN BRESSE, S=Ain, C=FR
    Il ne s'agit pas d'un certificat racine
    Hach. cert. (sha1): eb 03 df 43 a8 03 e5 5f b1 52 fc e7 5b a9 0b 0c 19 2a 15 8a
    Aucune information sur le fournisseur de clé
    Pas de propriétés pour le jeu de clé dans le magasin
    ================ Certificat 1 ================
    Numéro de série : 023fcc
    Émetteur: CN=GeoTrust DV SSL CA, OU=Domain Validated SSL, O=GeoTrust Inc., C=US
    Objet: CN=www.portailenfance.bourgenbresse.fr, OU=Domain Control Validated - Qui
    ckSSL(R) Premium, OU=See www.geotrust.com/resources/cps (c)11, OU=GT68088061, O=
    www.portailenfance.bourgenbresse.fr, C=FR, SERIALNUMBER=R2RJ3sRPOrW0Q3XZYvvpcP05
    TqodNAru
    Il ne s'agit pas d'un certificat racine
    Hach. cert. (sha1): 12 49 a6 95 9a 67 05 86 d9 a3 64 cb a7 a7 78 ee 6c eb 94 52
      Conteneur de clé = cecd6bee4621365b6e763b9bfcd773cf_b3f7eefb-5c14-4333-a5bb-29
    d40b271698
      Fournisseur = Microsoft RSA SChannel Cryptographic Provider
    Succès du test de cryptage
    CertUtil: -store La commande s'est terminée correctement.
    Please help !

    It seems that the key for the wild card certificate has not been found. The output shows a valid key for the other cert. ("1") but no key information for the wild card cert ("0"). I assume, that when you double-click the certificate in the computer's Personal store you don't see the message You have a Private Key... (on the bottom of the General tab), right?
    Windows 2003 sometimes needed some extra effort to "connect" key and certificate, in addition to just importing it (I am assuming that you imported it to the machine where you had created the key).
    Check if the command line tool certutil is available. If not, install the W2K3 admin pack (download e.g. here).
    Double-click the new server certificate, go to Details...
    Scroll down the list of attributes and locate the Serial Number. Copy the serial number value.
    At the command shell run as a local admin:
    certutil -repairstore my "<Serial Number>"
    If this has been successful you should now see the message You have a Private Key... when double-clicking the certificate.
    Elke
