
How to generate Wildcard CSR

Good morning,

I'm attempting to generate a wildcard CSR from my XG and use it in my WAF protection rule for two separate webservers. Here is a screenshot of my CSR as I generate it. I'm confused about what my entry should be for the Certificate ID and the Common name.

Do I need to have the same wildcard entry in the cert ID or in the common name or neither? I thought I understood this but the guide here is saying enter common name or FQDN. So which is it?

docs.sophos.com/.../CertificateSigningRequest.html

 



This thread was automatically locked due to age.
  • Hey guys, 

    I was able to get my wildcard working. The important parts are the Certificate ID and the Common name. In my case the Cert ID could not contain an asterisk, so drop that from the wildcard. For example, if you were going to use *.mydomain.com, just enter mydomain.com in the Cert ID. Then in the common name, enter the same with the addition of the asterisk, like this: *mydomain.com. Once that was created as a CSR I then got the duplicate that I then uploaded as a single .PEM file containing all the certs. Once loaded into my XG I applied it to my WAF rule and was able to see the *mydomain.com entered in the rule summary in the upper right-hand corner. I then added both of my protected servers on the same rule. Both are now showing as valid certs from the outside.
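Which hostnames a wildcard name such as the `*.mydomain.com` mentioned in the post covers, as an added example that is not part of the original thread and not Sophos code: it applies the strict matching rule TLS clients use (the wildcard must be the whole left-most label and stands for exactly one label). The `web1`/`web2` hostnames and the function names are constructed for illustration.

```python
# Added example: strict wildcard matching (RFC 6125 / RFC 9525 style).
# All hostnames below are constructed sample values.

def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")

def name_matches(pattern, hostname):
    """Return True if a certificate name (CN or SAN dNSName) covers hostname.

    A wildcard is honoured only when it is the entire left-most label, and
    it stands for exactly one label.
    """
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h or len(p) != len(h):
        return False                      # empty label or different depth
    if any("*" in label for label in p[1:]):
        return False                      # wildcard outside left-most label
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False                      # partial-label wildcard, e.g. "w*"
    return p == h

def coverage(cert_names, hostnames):
    """Map each published hostname to the certificate names that cover it."""
    return {h: [n for n in cert_names if name_matches(n, h)] for h in hostnames}

if __name__ == "__main__":
    cert_names = ["*.mydomain.com"]       # names taken from the issued cert
    published = ["web1.mydomain.com", "web2.mydomain.com",
                 "mydomain.com", "a.web1.mydomain.com"]
    for host, names in coverage(cert_names, published).items():
        status = "covered by " + ", ".join(names) if names else "NOT covered"
        print(f"{host:22} {status}")
```

The bare domain and any deeper subdomain come back as not covered, so a hostname of that shape published behind the same WAF rule needs its own name in the certificate.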
