Results 1 to 5 of 5

Hybrid View

  1. #1

    CSR for wildcard SSL

    Hello,
    I have got a quick question.

    I have some 20 -30 servers and I have ssl certificate for the hostname of each servers. All the hostnames are like node1.server.com, node2.server.com etc. Usually, I used to buy ssl certificates for individual servers but now I thought it would be better to get wild card ssl as all of them are *.server.com.
    But now Iam encountering a problem. For the wild card ssl I need the csr for *.server.com
    How can I get the csr for *.server.com? In the admin panel, I click on the ssl icon for the server.com in order to create CSR for that domain.
    Can you throw some light to it.

  2. #2
    Join Date
    Mar 2003
    Location
    Brisbane Australia
    Posts
    68
    Use *.server.com as the host name when you generate the CSR. When you order the wildcard certificate the system will recognise this.

    When you install the certificate then use the correct subdomain name like node1.server.com, the certificate will then work correctly.

    NOTE: If you are ordering a wildcard certificate they are generally issued to cover all subdomains on a single server, if you wish to use them to cover multiple subdomains on different servers then you will normally have to pay a per server license fee. If you are looking at 20 - 30 servers then check first with the issuer as they may be able to give you a discount for a bulk order.
    Ron Rogers
    Need SSL Certificates? WEBYSSL.com (rapidssl.com International Affiliate)
    Put Your Mark on the WWWorld with WEBY Systems

  3. #3
    But, In the Raq control panel, how can I make a CSR for the *.server.com. The hostname is server.com and when I click on the SSL I can't see an option to produce the CSR for a *.server.com.
    Can you give me some thoughts.

  4. #4
    Join Date
    Mar 2003
    Location
    Brisbane Australia
    Posts
    68
    I haven't done any work on a RaQ so not sure if all this will work but the following is the information for generating the CSR manually so it should work to generate the CSR for a wildcard certificate. I do not think you can do it at all via the control panel.

    To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command :

    openssl req –new –nodes -keyout myserver.key –out server.csr

    This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

    In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).

    You will now be asked to enter details to be entered into your CSR
    .
    What you are about to enter is what is called a Distinguished Name or a DN.

    For some fields there will be a default value, If you enter '.', the field will be left blank.

    -----
    Country Name (2 letter code) [AU]: GB
    State or Province Name (full name) [Some-State]: Yorks
    Locality Name (eg, city) []: York
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
    Organizational Unit Name (eg, section) []: IT
    Common Name (eg, YOUR name) []: www.mydomain.com
    Email Address []:

    Please enter the following 'extra' attributes to be sent with your certificate request

    A challenge password []:
    An optional company name []:
    -----

    Use the name of the webserver as Common Name (CN). If the domain name is mydomain.com append the domain to the hostname (use the fully qualified domain name).

    The fields email address, optional company name and challenge password can be left blank for a webserver certificate.

    Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
    So if you replace www.domain.com with *.server.com and substitute your details for all the rest you should have it

    Installation should be ok via the normal control panel process just use the key created above and the certificate that you order and install on node1.server.com, node2.server.com and so on.

    This is not guaranteed to work but it just might do the trick for you.
    Ron Rogers
    Need SSL Certificates? WEBYSSL.com (rapidssl.com International Affiliate)
    Put Your Mark on the WWWorld with WEBY Systems

  5. #5
    Thanks for the help Trigger.
    But I can't do it from the control panel. Can any one give me any idea how it can be done from the Raq control panel. I know how to create the csr for a domain, but now I need it as *.server.com
    Any help is appreciated.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •