Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

wildcard certificate

Posted on 2014-09-10
8
Medium Priority
?
234 Views
Last Modified: 2014-10-16
Hi Experts,

we are using a wildcard cert for our domain and the external connections to our webservers.
The cert is :    *.domain.at
Now we have one cert which expires in one week -> day.domain.at

How to renew this cert in IIS ?
Or do I have to order a new one ?
How to create a cert out of the wildcard cert ?
0
Comment
Question by:Eprs_Admin
  • 4
  • 3
8 Comments
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 40314541
The reason for using a wildcard certificate is that you can use the cert for multiple applications under a single domain name, for example:  domain.at.  This means that any host under "domain.at" can be secured using this wildcard certificate.

If you have a host named "day" belonging to "domain.at" and it is using a wildcard cert for *.domain.at AND the cert for this domain is expiring soon, then the cert for all objects/devices/applications using the *.domain.at cert will soon expire.

If you have a certificate configured for day.domain.at that is expiring, then the host is either:

1. not using the wildcard cert for *.domain.at and you need to renew the cert configured for day.domain.at
- or -
2. using the wildcard cert which is about to expire and you need to renew the wildcard cert

Usually the Certificate Authority you purchased you wildcard cert from (eg: VeriSign, Thawte, GoDaddy, DigiCert, etc) has detailed instructions on how to go about renewing an existing certificate purchased thru them.

Where did your company purchase their cert from?

Dan
0
 

Author Comment

by:Eprs_Admin
ID: 40314714
I have taken over this config.

For me is strange I have a cert called : site.domain.at
For this site I have a cert. On the the IIS I check the cert store and it will expire on 13.9.2014

When I go to IE and type the homepage of site.domain.at and I check the cert here,
then it is written :

Issued to: *.domain.at
Issued by: EssentialSSL CA -> COMODO
Valid to: 10.10.2014

Which one I have to renew now ?
0
 
LVL 29

Accepted Solution

by:
Dan McFadden earned 2000 total points
ID: 40314765
Just because a cert is in the certificate store, does not mean it is being used.  You can verify what cert the site is using thru a browser (as you did) and thru IIS Manager as well.  I would recommend looking in IIS Manager and verifying your findings from your browser test.

Either way, if the dates you listed above are real, I would renew your wildcard immediately.  Since you have a wildcard cert that is valid for *.domain.at, I would let the site.domain.at cert expire.  It is not needed because your wildcard covers that device.

Dan
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Eprs_Admin
ID: 40314798
OK then I renew it quickly...
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 40315610
Check is the website in the IIS is using the wild cared certificate , from the binding windows, https--> select the correct certificate.
0
 

Author Comment

by:Eprs_Admin
ID: 40322578
yes it is selected in the https bindings
0
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 40322636
If you are confident that all your websites are using the wildcard certificate, then after renewing it and reinstalling it on your web server, you should be fine.  You will have to select the renewed cert in order for the sites to get the update.

Dan
0
 

Author Comment

by:Eprs_Admin
ID: 40322725
ok I have created the CSR and sent it now to the company to get the cert.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question