New Member

Is it possible to use a single SSL certificate for multiple server farms with different FQDNs?

Hi

We generated the CSR for a VeriSign Secure Site Pro SSL certificate with cn=abc.com, considering abc.com as our major domain. Now we have servers in this domain like www.abc.com, a.abc.com, b.abc.com, etc. We installed the VeriSign certificate and configured the ACE-20 accordingly for ssl-proxy, and we will use the same certificate generated for abc.com for all servers like www.abc.com, a.abc.com, b.abc.com, etc. Now when we try to access https://www.abc.com or https://a.abc.com through Mozilla, we are able to access the service, but we get this message in the certificate status: "You are connected to abc.com which is run by unknown"

And the same message when trying to access https://www.abc.com from Google Chrome.

"This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"

So I know that, as this certificate is for cn=abc.com, that is why we are getting such errors/status in the SSL certificate.

Now my question is:

1. Is it possible to remove the above errors by doing some SSL configuration on the ACE?

2. Or do we have to go for a VeriSign Wildcard Secure Site Pro Certificate, for a CSR generated using cn=abc.com, to be installed on the ACE and used for all servers like www.abc.com, a.abc.com, etc.?

Thanks

Waliullah

4 REPLIES
Silver

Re: is it possible to use single ssl certificate for multiple se

If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate. Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate. And right now it won't, because your certificate is for abc.com. You need a wildcard cert that will be for something like *.abc.com.

Hope this helps,

Sean

New Member

Re: is it possible to use single ssl certificate for multiple se

Hi Sean

Thanks for your reply! We are not sharing VIPs; we have a dedicated VIP for each FQDN. So in this case, is it possible to use the single certificate generated for cn=abc.com with www.abc.com, a.abc.com, etc. and not get any CN name issue in the certificate?

Thanks

Wali

Silver

Re: is it possible to use single ssl certificate for multiple se

Hi Wali,

You will either need a separate certificate for each unique FQDN, or a wildcard cert that will match all of them. That is the only way the browser will not complain to the end user.

Sorry for the confusion.

Sean
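The name check the browser performs, as an added example that is not part of the original posts: a simplified version of the hostname-matching rule (a wildcard stands for exactly one left-most label), run against the thread's abc.com names. The function names and the sample certificate sets are constructed for illustration; real clients also apply public-suffix and IDN rules that are omitted here.

```python
# Added example: simplified hostname matching, not a full certificate validator.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate DNS name covers the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label.
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, host):
    """cert_names: DNS names carried by the certificate (SAN entries or the CN)."""
    return any(name_matches(n, host) for n in cert_names)


def report(cert_names, hosts):
    """Map each requested host to whether the certificate name check passes."""
    return {h: cert_covers(cert_names, h) for h in hosts}


# Constructed sample data using the thread's placeholder domain.
HOSTS = ["abc.com", "www.abc.com", "a.abc.com", "b.abc.com", "x.a.abc.com"]
CERTS = {
    "single name (cn=abc.com)": ["abc.com"],
    "wildcard (*.abc.com)": ["*.abc.com"],
    "wildcard plus apex": ["*.abc.com", "abc.com"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        print(label)
        for host, ok in report(names, HOSTS).items():
            print(f"  {host:<14} {'match' if ok else 'NAME MISMATCH'}")
```

Note that a certificate naming only *.abc.com does not cover the bare abc.com or deeper names such as x.a.abc.com, so those names have to be listed in the certificate as well if they are served.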

New Member

Re: is it possible to use single ssl certificate for multiple se

OK, thanks Sean! Now things are clear.
