need some guidance with SSL and certs

Hi all,

Don't know if I am in the correct forum, but my question is basically: can someone provide some links on how to install a new cert for https?

The last guy here never documented anything and, truth be told, I never really worked with certs. I am building out a web-based app and it needs https to run. I need a wildcard certificate that would work for 8 sites. We have a cert authority server on prem, but never used it before. Any links on how to accomplish this? It looks like most of the certs here are self-signed.

Thanks in advance

P

3 Replies
Is the new app accessible publicly? If so, you won't want to use certificates generated by an internal authority. Nobody externally would trust the certificate presented by the site and it would present a warning. So if external access is needed, you'll have to go through a public authority like Digicert or Let's Encrypt.
If it's internal access and you have an internal authority, you can see if any templates have been set up that will suit your need. Easiest way is to open MMC and add the computer certificates snap-in. Go to Personal - Certificates, right-click, select All Tasks - Request new certificate. You should get options on what certificates you can request.
Since you're looking for wildcard, you need a web cert where you can enter more information with the request. If you don't have that option, you'll need to create a certificate template that will accomplish what you need.
You can also use certreq.exe to accomplish certificate related tasks.

@rfalconer Thanks for the info. Looked at certreq.exe and seems very straightforward. It is internal so I will be using our internal CA. Just one question: I am creating the csr and would like to know where I place the multiple dns entries for the wildcard. Would it be in the extensions section?

TIA

Paul

If you use the .inf file to generate the CSR, then you can put the SAN entries in the extensions section. MS CAs use the label DNS for SAN entries but I don't recall the exact syntax to use in the .inf file.

You may have to enable SAN entry support on the CA. It's been a long time since I built a CA and I don't remember if that's still necessary.
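
A request file of the kind discussed in the last reply, as an added example that is not part of the original thread: it writes a certreq .inf whose `[Extensions]` section carries the SAN entries, generates the CSR, and checks the SANs with certutil before anything is sent to the CA. The `example.internal` names, file paths, key storage provider choice and the template placeholder are assumptions to replace with your own.

```powershell
# Added example. Run from an elevated prompt (MachineKeySet = TRUE).
# Constructed values: example.internal names, paths under %TEMP%.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=*.example.internal"
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = SHA256
ProviderName = "Microsoft Software Key Storage Provider"
MachineKeySet = TRUE
; Keep the private key non-exportable unless it must be copied to other servers.
Exportable = FALSE
RequestType = PKCS10
; 0xA0 = digital signature + key encipherment
KeyUsage = 0xA0

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
; 2.5.29.17 is the Subject Alternative Name extension.
; A wildcard does not cover the bare domain, so list it separately.
2.5.29.17 = "{text}"
_continue_ = "dns=*.example.internal&"
_continue_ = "dns=example.internal&"
'@

$dir     = Join-Path $env:TEMP 'wildcard-csr'
$infPath = Join-Path $dir 'wildcard.inf'
$csrPath = Join-Path $dir 'wildcard.csr'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Remove-Item -Path $csrPath -ErrorAction SilentlyContinue
Set-Content -Path $infPath -Value $inf -Encoding ASCII

certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Confirm the SAN entries are in the CSR (label text assumes English output).
$dump    = (certutil.exe -dump $csrPath) -join "`n"
$missing = '*.example.internal', 'example.internal' |
    Where-Object { $dump -notmatch [regex]::Escape("DNS Name=$_") }
if ($missing) { throw "SAN entries missing from CSR: $($missing -join ', ')" }
Write-Output "CSR written to $csrPath with all expected SAN entries."
# Next: certreq -submit -attrib "CertificateTemplate:<TemplateName>" wildcard.csr wildcard.cer
# Then: certreq -accept wildcard.cer
```

With the SAN carried inside the request's own extension as here, the CA-side `EDITF_ATTRIBUTESUBJECTALTNAME2` flag is not required; that flag only governs SANs passed as request attributes and is best left disabled, since it lets requesters add arbitrary names to certificates from any template.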