Solved

wildcard certificate

Posted on 2014-09-10
8
231 Views
Last Modified: 2014-10-16
Hi Experts,

we are using a wildcard cert for our domain and the external connections to our webservers.
The cert is :    *.domain.at
Now we have one cert which expires in one week -> day.domain.at

How to renew this cert in IIS ?
Or do I have to order a new one ?
How to create a cert out of the wildcard cert ?
0
Comment
Question by:Eprs_Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 40314541
The reason for using a wildcard certificate is that you can use the cert for multiple applications under a single domain name, for example:  domain.at.  This means that any host under "domain.at" can be secured using this wildcard certificate.

If you have a host named "day" belonging to "domain.at" and it is using a wildcard cert for *.domain.at AND the cert for this domain is expiring soon, then the cert for all objects/devices/applications using the *.domain.at cert will soon expire.

If you have a certificate configured for day.domain.at that is expiring, then the host is either:

1. not using the wildcard cert for *.domain.at and you need to renew the cert configured for day.domain.at
- or -
2. using the wildcard cert which is about to expire and you need to renew the wildcard cert

Usually the Certificate Authority you purchased you wildcard cert from (eg: VeriSign, Thawte, GoDaddy, DigiCert, etc) has detailed instructions on how to go about renewing an existing certificate purchased thru them.

Where did your company purchase their cert from?

Dan
0
 

Author Comment

by:Eprs_Admin
ID: 40314714
I have taken over this config.

For me is strange I have a cert called : site.domain.at
For this site I have a cert. On the the IIS I check the cert store and it will expire on 13.9.2014

When I go to IE and type the homepage of site.domain.at and I check the cert here,
then it is written :

Issued to: *.domain.at
Issued by: EssentialSSL CA -> COMODO
Valid to: 10.10.2014

Which one I have to renew now ?
0
 
LVL 28

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 40314765
Just because a cert is in the certificate store, does not mean it is being used.  You can verify what cert the site is using thru a browser (as you did) and thru IIS Manager as well.  I would recommend looking in IIS Manager and verifying your findings from your browser test.

Either way, if the dates you listed above are real, I would renew your wildcard immediately.  Since you have a wildcard cert that is valid for *.domain.at, I would let the site.domain.at cert expire.  It is not needed because your wildcard covers that device.

Dan
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 

Author Comment

by:Eprs_Admin
ID: 40314798
OK then I renew it quickly...
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 40315610
Check is the website in the IIS is using the wild cared certificate , from the binding windows, https--> select the correct certificate.
0
 

Author Comment

by:Eprs_Admin
ID: 40322578
yes it is selected in the https bindings
0
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 40322636
If you are confident that all your websites are using the wildcard certificate, then after renewing it and reinstalling it on your web server, you should be fine.  You will have to select the renewed cert in order for the sites to get the update.

Dan
0
 

Author Comment

by:Eprs_Admin
ID: 40322725
ok I have created the CSR and sent it now to the company to get the cert.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question