Wildcard SSL Certificate Issues (Certificates for an SSL Novice)

Hi all, I've got a bit of an issue (or confusion) with wildcard SSL certs.

I support a medium-size business with the following infrastructure:

- Windows 2012 Domain
- Windows Desktop Clients
- VMware vCenter
- VMware ESXi hosts x 2
- CentOS 7 Linux Hosts x 3
- Veeam Backup Server
- HP iLO Servers x 2

They all sit behind a pfSense server / router appliance.
All machines and devices are authenticated and are members of the Windows domain.

The problem comes with the wildcard certificate.

I want to be able to install the same certificate on all hosts, be it:

- Windows servers
- HP iLO appliances
- Linux Python apps
- IIS
- VMware ESXi
- vCenter etc.

I purchased the wildcard certificate from ssl2buy.com who have a CSR entry point where I paste in the certificate request and it spits out a PKCS and X509 to be used on hosts.

My question is: which machine should I do the CSR from? The domain controller? My idea was that I could use that cert on the DC and then have all the other clients request the wildcard certificate from it, but I am not sure that is how it works. It needs to be able to be installed and used on multiple different OS applications for web authentication, trusted site authentication etc.

I am at a loss. If I generate a certificate for the domain controller it certifies fine within the network but not outside. A lot of the servers on my network serve applications to the outside world, which is why I bought a wildcard certificate. The certificates for other servers, e.g. Linux, look for server.crt and server.key, and other OSes want different certificate formats. All help greatly appreciated, as I know a lot of things but with SSL I seem to be out of my depth lol.
cgtechuk Asked:

kevinhsieh Commented:
It may be easiest to generate the CSR from Linux, and then convert the certificate into the format required for Windows. I don't know if everything will allow you to import a certificate; iLO, for example, might not.

See this for more information and syntax on converting certificates.
https://www.sslshopper.com/ssl-converter.html
1
Jian An Lim, Solutions Architect, Commented:
In short, once you have the certificate that has the private/public key, it is convertible to any format you are going to support. You probably lack the technical skill to convert them.

One thing is to generate a SHA1 and make sure your provider submits as SHA2 (with SHA1 root).

This is to make sure you have the best application compatibility.
0
Chris Commented:
Use OpenSSL to generate the private key and the CSR.
Then, once the certificate is signed, use OpenSSL to put the key and certificate into a PFX file, which should be supportable by most of your list.
But where they don't, you will have the key file and the cert file.

This guide should help you generate the CSR and key:

http://www.websense.com/support/article/kbarticle/How-to-use-OpenSSL-and-Microsoft-Certification-Authority
0
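
The workflow Chris describes (key and CSR from OpenSSL, then a PFX plus separate key and cert files), as an added example that is not part of the original thread. `example.com`, the file names and the export password are placeholders, and the self-signed certificate is a stand-in for the one the CA returns.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. example.com, the file names and the
# export password are placeholders.
set -eu

DOMAIN="example.com"
PFX_PASS="change-me"

# SHA-256 of the public key inside a private key file / a certificate.
# Equal output means the certificate belongs to that key.
pubkey_hash_of_key()  { openssl pkey -in "$1" -pubout | openssl sha256; }
pubkey_hash_of_cert() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }

build_all() {  # $1 = working directory
  d="$1"
  # 1. One private key and one CSR, generated on a host you control.
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=*.${DOMAIN}" -keyout "$d/wildcard.key" -out "$d/wildcard.csr"
  chmod 600 "$d/wildcard.key"

  # 2. Stand-in for the CA: self-sign the CSR so the example runs offline.
  #    In practice wildcard.crt is the file the CA sends back.
  openssl x509 -req -in "$d/wildcard.csr" -signkey "$d/wildcard.key" \
    -sha256 -days 1 -out "$d/wildcard.crt"

  # 3. Check the issued certificate matches the key before distributing it.
  [ "$(pubkey_hash_of_key "$d/wildcard.key")" = \
    "$(pubkey_hash_of_cert "$d/wildcard.crt")" ] || return 1

  # 4. PFX (PKCS#12) bundle for Windows / IIS import.
  openssl pkcs12 -export -inkey "$d/wildcard.key" -in "$d/wildcard.crt" \
    -name "wildcard.${DOMAIN}" -passout "pass:${PFX_PASS}" -out "$d/wildcard.pfx"

  # 5. Going the other way: split a PFX into the PEM pair Linux apps expect.
  openssl pkcs12 -in "$d/wildcard.pfx" -passin "pass:${PFX_PASS}" \
    -nokeys -out "$d/server.crt"
  openssl pkcs12 -in "$d/wildcard.pfx" -passin "pass:${PFX_PASS}" \
    -nocerts -nodes -out "$d/server.key"
  chmod 600 "$d/server.key"
}

WORK="$(mktemp -d)"
build_all "$WORK"
ls -l "$WORK"
```

OpenSSL 3.x encrypts PFX files with AES-256 by default, which older Windows versions may refuse to import; if that happens, re-export with the `-legacy` option of `openssl pkcs12`.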