Go Premium for a chance to win a PS4. Enter to Win

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 380
  • Last Modified:

Wild Card Certs

Is it possible to generate a specific named certicate from a wild card Public certificate? For example, if I already have *.Domain.com being used, can I use IIS to create another cert with a specific name such as PC1.Domain.com or SRV.Domain.com ?  (Without having to contact the Public CA)

Your thoughts please...
Anthony K O365
Anthony K O365
3 Solutions
No.  The whole point of a wild car certificates is that the certificate can be used with multiple names.
Create a new site, and the under the SSL configuration, assign the existing certificate (if it is on a different system, you need to export it including the private key, then import it on this system.)

Have not looked at it recently, but IIS did not use to support wildcard certificates; one had to use certificates with predefined names in the CSR.

An option might be to use a squid proxy in a reverse configuration on which the SSL connection will terminate and the request will be sent to the IIS server on port 80.
No you cannot, however you can simply export the same wild card certificate and private key in a pfx container  and use for whatever you need to on the target machine / service.
Dave HoweCommented:
Seconded (thirded?)
The whole point of a *.domain.com is it covers xxxx.domain.com for any variant of xxx - so pc1.domain.com or srv.domain.com.
A cert that can cover more than one named host is called a SAN (subject alternative name) and has to be purchased with the list of names already present.

what you are describing is an Name Constraint Intermediate CA certificate, and those are very very expensive.
Anthony K O365Author Commented:
Thanks for your comments Gentlemen! You verified what I was thinking.

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now