Hi All got a bit of an issue (Or confusion) with Wildcard SSL Certs
I support a Medium Size business with the following infrastructure
- Windows 2012 Domain
- Windows Desktop Clients
- VMWare VCenter
- VMWare esxI hosts x 2
- Centos 7 Linux Hosts x 3
- Veeam Backup Server
- HP ILO Servers x 2
They all sit behind a PFSense Server / Router Appliance.
All machines and devices are authenticated and are members of the windows domain
The problem comes with the Wildcard certificate
I want to be able to install the same certificate on all hosts, be it
HP ILO appliances
Linux Python Apps
I purchased the wildcard certificate from ssl2buy.com who have a CSR entry point where I paste in the certificate request and it spits out a PKCS and X509 to be used on hosts.
My question is which machine should I do the CSR from? The domain controller? My idea was that I could use that cert on the DC and then have all the other clients request the wildcard certificate from it but I am not sure that is how it works. It needs to be able to be installed used on a multiple of different O/S applications for Web authentication, Trusted Site Authentication etc.
I am at a loss, if I generate a certificate for the domain controller it certifies fine within the network but not outside, A lot of the servers on my network serve applications to the outside world which is why I bought a wildcard certificate, The certificates for other servers e.g linux look for server.crt and server.key and other O/S want diff certificate formats. All help greatly appreciated as I know a lot of things but with SSL I seem to be out my depth lol.