ssl certificates

Author
orani
Silver Member
  • Total Posts : 109
  • Scores: 1
  • Reward points: 0
  • Joined: 2019/07/11 12:54:18
  • Location: Athens
  • Status: offline
2020/05/20 08:30:07 (permalink)
0

ssl certificates

I need to use ssl certificates for some of my subdomains, so i bought a domain certificate with unlimited subdomains.
 
I need to use this certificate for my fortigate's vpn portal, for my fortimail encryption portal and some other portals of other devices.
 
Do i need to create a separate certificate for vpnportal.mydomain.com or i can just upload my mydomain.com certificate to firewall and use it at the vpn settings? and same at fortimail and the other devices?

Orestis Nikolaidis
Network Engineer/IT Administrator
#1
emnoc
Expert Member
  • Total Posts : 5622
  • Scores: 357
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: ssl certificates 2020/05/20 09:49:53 (permalink)
0
Just upload it, is this a SANs certificate ? And the name you want is in the subject alternative ? As long as you have a proper certificate and you have the private-key , you can always import the certificate
 
Ken Felix

PCNSE 
NSE 
StrongSwan  
#2
AdiMizil
New Member
  • Total Posts : 17
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/12/28 13:01:17
  • Status: offline
Re: ssl certificates 2020/05/23 13:58:37 (permalink)
0
Ken is right, when you issue CSR you need to fill in SAN fields with all your domains you need the certificate to protect.

Adi
#3
TecnetRuss
Bronze Member
  • Total Posts : 24
  • Scores: 8
  • Reward points: 0
  • Joined: 2017/02/27 13:14:44
  • Status: offline
Re: ssl certificates 2020/05/23 15:39:44 (permalink)
0
When I read "unlimited subdomains" I'm wondering if you mean a wildcard certificate.  If you do have a wildcard certificate then you're good to go - just import it.  It will automatically work with any subdomain of your primary domain, e.g. a "*.mydomain.com" certificate will work with vpn.mydomain.com, firewall.mydomain.com, etc.  There's no need to have specified all the subdomains manually/individually when you filled out the CSR before it is issued.
 
Or did you really mean "unlimited domains" as in a multi-SAN certificate (multi-Subject Alternative Names) that supports different domains (e.g. vpn.mydomain.com, vpn.myotherdomain.com)?  Most of the SSL vendors I've dealt with put a limit on SANs or charge per SAN (e.g. 5-SAN UCC certificates, LetsEncrypt supports up to 100 SANs).  If that really is what you have then as Ken and Adi have mentioned you do have to manually specify all the domains you're going to use it on in the SAN fields of your CSR when you request it.  Once you have all your SANS in your issued multi-SAN certificate that one certificate can be used on all your different devices, services, websites, etc.
 
Russ
NSE7
post edited by TecnetRuss - 2020/05/23 15:45:13
#4
Jump to:
© 2020 APG vNext Commercial Version 5.5