Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSS11506 - Wildcard cert ??

We have a need to terminate multiple SSL websites on our CSS. So name1.test.com

name2.test.com, name3.test.com etc. The problem I have found is that I need to burn 1 public VIP per SSL connection b/c they all need to use tcp 443 inbound and point to their respective cert on the CSS. Is there anyway to possibly generate a wildcard cert that matched only the last part of our domain name ( events.test.com = *.test.com ) and then get away with using only 1 VIP for the multiple sub domains ??

Thanks for your help.

Cheers

Dave

2 REPLIES

Re: CSS11506 - Wildcard cert ??

CSS can use wildcard certificate just as it uses typical server certificates.

If you are using the CSS to create the CSR, you would use a wildcard common name

- A "*" wildcard character MAY be used as the left-most name component in the certificate. For example, *.example.com would

match a.example.com, foo.example.com, etc. but would not match

example.com.

Syed

New Member

Re: CSS11506 - Wildcard cert ??

Thanks again, would this help me get away with using one VIP for the multiple sub domains ?

Essentially I would like to use one VIP with a wildcard cert for

a.example.com, foo.example.com, test.example.com.

Is this doable ? Its very doable using an Apache proxy server. I am just trying to port that functionality over to the CSS

107
Views
0
Helpful
2
Replies