Security Basics mailing list archives
Re: SSL Certificates
From: "Ale x" <gbanger () gmail com>
Date: Wed, 10 Dec 2008 18:02:09 +1100
You can just export the Certificate to a .pfx file and import to another server. What they told you is correct in terms of generating the CSR on a particular server, then you can only complete the certificate generation on that server with that same Certification Request. This does not mean that the certificate only works on this server. There is specific information about that server in the CSR but once the Certificate has been generated that is not relevant - it is only used for the creation process. I had to create a certificate for our Citrix Access Gateway the other day.. I created the CSR in IIS on a test vmware server, generated the certificate with Verisign, exported it and imported to the CAG and got rid of the vm server. Cheers On Wed, Dec 10, 2008 at 2:18 AM, Dan Denton <ddenton () remitpro com> wrote:
Sorry for pulling a stupid! -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dan Denton Sent: Monday, December 08, 2008 6:48 PM To: 'CORP John Porter'; security-basics () securityfocus com Subject: RE: SSL Certificates John, You'll need what's usually referred to as a "wildcard certificate". One of these will cover multiple servers under the same domain name. For example, abc.company.com, xyz.company.com, mail.company.com, etc.... Dan -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of CORP John Porter Sent: Monday, December 08, 2008 3:27 PM To: security-basics () securityfocus com Subject: SSL Certificates I am trying to use a Wildcard SSL certificate, i.e. *.company.com, for authentication to a wireless network and I can't get it to work. I have been given about 6 different reasons for why it isn't working. The latest explanation is that when you get an SSL certificate from GoDaddy or Entrust you must first create a Certificate Signing Request that you then submit to the Authority. The theory is that even though you request a certificate for a CN of *, the CSR has information about the server that created the CSR and that therefore the wildcard certificate will work for any sub-domain of company.com, but only on the server that created the CSR. Therefore, if I have 5 different servers where I want to use *.company.com, I must create. 5 CSRs, and purchase 5 certificates. Does this make sense?
Current thread:
- SSL Certificates CORP John Porter (Dec 08)
- RE: SSL Certificates Dan Denton (Dec 09)
- RE: SSL Certificates Dan Denton (Dec 09)
- Re: SSL Certificates Ale x (Dec 10)
- RE: SSL Certificates Dan Denton (Dec 09)
- RE: SSL Certificates Dan Denton (Dec 09)