Solved

Wild Card Certs

Posted on 2014-07-20
4
361 Views
Last Modified: 2014-07-21
Is it possible to generate a specific named certicate from a wild card Public certificate? For example, if I already have *.Domain.com being used, can I use IIS to create another cert with a specific name such as PC1.Domain.com or SRV.Domain.com ?  (Without having to contact the Public CA)

Your thoughts please...
0
Comment
Question by:K Anthony O365
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 79

Assisted Solution

by:arnold
arnold earned 166 total points
ID: 40208198
No.  The whole point of a wild car certificates is that the certificate can be used with multiple names.
Create a new site, and the under the SSL configuration, assign the existing certificate (if it is on a different system, you need to export it including the private key, then import it on this system.)

Have not looked at it recently, but IIS did not use to support wildcard certificates; one had to use certificates with predefined names in the CSR.

An option might be to use a squid proxy in a reverse configuration on which the SSL connection will terminate and the request will be sent to the IIS server on port 80.
0
 
LVL 29

Accepted Solution

by:
becraig earned 167 total points
ID: 40208200
No you cannot, however you can simply export the same wild card certificate and private key in a pfx container  and use for whatever you need to on the target machine / service.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 167 total points
ID: 40208422
Seconded (thirded?)
The whole point of a *.domain.com is it covers xxxx.domain.com for any variant of xxx - so pc1.domain.com or srv.domain.com.
A cert that can cover more than one named host is called a SAN (subject alternative name) and has to be purchased with the list of names already present.

what you are describing is an Name Constraint Intermediate CA certificate, and those are very very expensive.
0
 

Author Closing Comment

by:K Anthony O365
ID: 40208866
Thanks for your comments Gentlemen! You verified what I was thinking.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question