?
Solved

Wild Card Certs

Posted on 2014-07-20
4
Medium Priority
?
372 Views
Last Modified: 2014-07-21
Is it possible to generate a specific named certicate from a wild card Public certificate? For example, if I already have *.Domain.com being used, can I use IIS to create another cert with a specific name such as PC1.Domain.com or SRV.Domain.com ?  (Without having to contact the Public CA)

Your thoughts please...
0
Comment
Question by:Anthony K O365
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 79

Assisted Solution

by:arnold
arnold earned 664 total points
ID: 40208198
No.  The whole point of a wild car certificates is that the certificate can be used with multiple names.
Create a new site, and the under the SSL configuration, assign the existing certificate (if it is on a different system, you need to export it including the private key, then import it on this system.)

Have not looked at it recently, but IIS did not use to support wildcard certificates; one had to use certificates with predefined names in the CSR.

An option might be to use a squid proxy in a reverse configuration on which the SSL connection will terminate and the request will be sent to the IIS server on port 80.
0
 
LVL 29

Accepted Solution

by:
becraig earned 668 total points
ID: 40208200
No you cannot, however you can simply export the same wild card certificate and private key in a pfx container  and use for whatever you need to on the target machine / service.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 668 total points
ID: 40208422
Seconded (thirded?)
The whole point of a *.domain.com is it covers xxxx.domain.com for any variant of xxx - so pc1.domain.com or srv.domain.com.
A cert that can cover more than one named host is called a SAN (subject alternative name) and has to be purchased with the list of names already present.

what you are describing is an Name Constraint Intermediate CA certificate, and those are very very expensive.
0
 

Author Closing Comment

by:Anthony K O365
ID: 40208866
Thanks for your comments Gentlemen! You verified what I was thinking.
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question