Forum Discussion
CirrostratusCreating SSL Cert with a SAN the same as the CN.
CirrostratusHow do you do multiple SANs?
CirrostratusSeparated by comma:
DNS:abc.def.ghi, DNS:jkl.mno.pqr
Just in case it ever comes up, you can also use "IP:1.2.3.4" for IP addresses, although in most cases I would advise to stick with DNS names.
If F5 is taking feedback here, that info would probably be a good addition to the "help" menu for certificate creation.
- gdoyle
Thanks, I'll look at that... I think I tried, but I didn't have the space after the comma. Perhaps that was why it wouldn't take it.
Do you know how to generate a wildcard certificate in the Big IP? I've tried using *.domain.com, but once pushed to the site the site appears to be looking specifically for "*.domain.com" and not using the wildcard.
- gersbah
I don't have a lot of practical experience with wildcard certificates. But as far as I know there's no special syntax or special treatment for wildcards in the CSR. As long as the CA is willing to sign it, it should work.
Only caveat I can think of is that it wont match multiple subdomain levels.
So *.domain.com does match a.domain.com but does NOT match a.b.domain.com
- gdoyle
Yeah, from what I've seen what I did should have worked without issue, but it definitely had an issue in every browser.
Thanks for your input!
