Re: SSL Certificates

["Ale x" <gbanger () gmail com>]

You can just export the Certificate to a .pfx file and import to another server.
What they told you is correct in terms of generating the CSR on a
particular server, then you can only complete the certificate
generation on that server with that same Certification Request. This
does not mean that the certificate only works on this server. There is
specific information about that server in the CSR but once the
Certificate has been generated that is not relevant - it is only used
for the creation process.

I had to create a certificate for our Citrix Access Gateway the other
day.. I created the CSR in IIS on a test vmware server, generated the
certificate with Verisign, exported it and imported to the CAG and got
rid of the vm server.

Cheers



On Wed, Dec 10, 2008 at 2:18 AM, Dan Denton <ddenton () remitpro com> wrote:
> Sorry for pulling a stupid!
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> Behalf Of Dan Denton
> Sent: Monday, December 08, 2008 6:48 PM
> To: 'CORP John Porter'; security-basics () securityfocus com
> Subject: RE: SSL Certificates
>
> John,
>
> You'll need what's usually referred to as a "wildcard certificate". One of
> these will cover multiple servers under the same domain name. For example,
> abc.company.com, xyz.company.com, mail.company.com, etc....
>
> Dan
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> Behalf Of CORP John Porter
> Sent: Monday, December 08, 2008 3:27 PM
> To: security-basics () securityfocus com
> Subject: SSL Certificates
>
> I am trying to use a Wildcard SSL certificate, i.e. *.company.com, for
> authentication to a wireless network and I can't get it to work. I have
> been given about 6 different reasons for why it isn't working. The
> latest explanation is that when you get an SSL certificate from GoDaddy
> or Entrust you must first create a Certificate Signing Request that you
> then submit to the Authority. The theory is that even though you request
> a certificate for a CN of *, the CSR has information about the server
> that created the CSR and that therefore the wildcard certificate will
> work for any sub-domain of company.com, but only on the server that
> created the CSR. Therefore, if I have 5 different servers where I want
> to use *.company.com, I must create. 5 CSRs, and purchase 5
> certificates. Does this make sense?