CSS11506 - Wildcard cert ??

Unanswered Question

We have a need to terminate multiple SSL websites on our CSS. So name1.test.com

name2.test.com, name3.test.com etc. The problem I have found is that I need to burn 1 public VIP per SSL connection b/c they all need to use tcp 443 inbound and point to their respective cert on the CSS. Is there anyway to possibly generate a wildcard cert that matched only the last part of our domain name ( events.test.com = *.test.com ) and then get away with using only 1 VIP for the multiple sub domains ??

Thanks for your help.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Syed Iftekhar Ahmed Tue, 05/15/2007 - 14:26

CSS can use wildcard certificate just as it uses typical server certificates.

If you are using the CSS to create the CSR, you would use a wildcard common name

- A "*" wildcard character MAY be used as the left-most name component in the certificate. For example, *.example.com would

match a.example.com, foo.example.com, etc. but would not match



Thanks again, would this help me get away with using one VIP for the multiple sub domains ?

Essentially I would like to use one VIP with a wildcard cert for

a.example.com, foo.example.com, test.example.com.

Is this doable ? Its very doable using an Apache proxy server. I am just trying to port that functionality over to the CSS


This Discussion