Is it possible to use a single SSL certificate for multiple server farms with different FQDNs?

KFU NOC
Level 1

Hi

We generated the CSR for a VeriSign Secure Site Pro SSL certificate for cn=abc.com, considering abc.com as our major domain. Now we have servers in this domain like www.abc.com, a.abc.com, b.abc.com etc. We installed the VeriSign certificate and configured the ACE-20 accordingly for ssl-proxy, and we will use the same certificate generated for abc.com for all servers like www.abc.com, a.abc.com, b.abc.com etc. Now when we try to access https://www.abc.com or https://a.abc.com through Mozilla, we are able to access the service, but we get this message in the certificate status: "you are connected to abc.com which is run by unknown"

And the same message when trying to access https://www.abc.com from Google Chrome.

"This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"

So I know that, as this certificate is for cn=abc.com, that is why we are getting such errors/status in the SSL certificate.

Now my question is


1. Is it possible to remove the above errors by doing some SSL configuration on the ACE?

2. Or do we have to go for a VeriSign Wildcard Secure Site Pro certificate for a CSR generated using cn=abc.com, to be installed on the ACE and used for all servers like www.abc.com, a.abc.com etc.?

Thanks

Waliullah


Sean Merrow
Level 4

If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't because your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.

Hope this helps,

Sean

Hi Sean

Thanks for your reply! We are not sharing VIPs; we have a dedicated VIP for each FQDN. So in this case, is it possible to use the single certificate generated for cn=abc.com with www.abc.com, a.abc.com etc. and not get any CN name issue in the certificate?

Thanks

Wali

Hi Wali,

You will either need a separate certificate for each unique FQDN, or a wildcard cert that will match all of them.  That is the only way the browser will not complain to the end user.

Sorry for the confusion.

Sean
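
The name check behind the browser warnings in this thread, as an added example that is not part of the original posts or Cisco's code: a simplified Python sketch of the hostname-matching rule browsers apply, run over the thread's placeholder names. The function names and the `HOSTS` list are assumptions made for illustration.

```python
# Simplified certificate name matching (RFC 6125 style, as browsers enforce it).
# Illustrative sketch only; real validation also checks chain, dates, etc.

# Constructed sample: the FQDNs discussed in the thread (placeholders).
HOSTS = ["abc.com", "www.abc.com", "a.abc.com", "b.abc.com"]


def name_matches(cert_name: str, hostname: str) -> bool:
    """Return True if one DNS name from a certificate covers hostname."""
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(pattern) != len(host) or "" in host:
        return False
    if pattern[0] == "*":
        # Only a whole left-most label may be a wildcard, and there must be
        # at least two fixed labels behind it (no "*.com").
        if len(pattern) < 3 or "*" in "".join(pattern[1:]):
            return False
        return pattern[1:] == host[1:]
    # Partial or misplaced wildcards ("w*.abc.com", "www.*.com") never match.
    if "*" in cert_name:
        return False
    return pattern == host


def uncovered(cert_names, hostnames):
    """List the hostnames for which a browser would raise a name mismatch."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]


if __name__ == "__main__":
    for names in (["abc.com"], ["*.abc.com"]):
        print(names, "-> mismatch for:", uncovered(names, HOSTS))
```

Note the edge case in the second result: a certificate carrying only `*.abc.com` covers `www.abc.com`, `a.abc.com` and `b.abc.com`, but not the bare `abc.com` or a deeper name such as `x.a.abc.com`.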

Oki, thanks Sean! Now things are clear.
