CLEANACCESS Archives

January 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Nick Chong (nchong)" <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Fri, 5 Jan 2007 06:39:46 -0800

Hello Mike, Dan,

Happy new year. 

We do not support wildcard certs yet. We can look into that as part of
future feature planning.

What are the other benefits of using a wildcard cert, btw? (Besides saving
time/money to register.)
I have heard a few requests on this but wasn't sure of the technical
reasons. Thanks.

Regards,
Nick 


-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Mike Diggins
Sent: Friday, January 05, 2007 5:27 AM
To: [log in to unmask]
Subject: Re: Need help with DigiCert Wildcard Cert!

On Thu, 4 Jan 2007, Daniel R. Sullivan wrote:

> I'm at my wits end.  I looked back through the archives and tried all the
> stuff Rob Crockett was told to do with his godaddy/starfield cert.
>
> Here are the steps I've done:
> - Wildcard cert lives on an IIS server
> - Exported cert with private key as pfx
> - Used OpenSSL to strip the password giving me the private and public in the
>   same pem file.
> - Upload that private file to CCA, that gives a Success message
> - Upload the root CA cert to the "* Trust non-standard . . ." which gives:
>   Success. Changes will take effect after you restart the server.
> - Upload the intermediate CA cert to the "* Trust non-standard . . ." which
>   gives: Success. Changes will take effect after you restart the server.
>
> So I do the reboots and try to Verify and Install and I get: Error: The
> Uploaded CA-signed Certificate doesn't match the Uploaded Private Key.
>
> Using a similar method on my proxy server (EZProxy) the cert works just fine
> so it is something with the CCA quirks that I'm butting my head against.


Perhaps a different problem but I attempted to use our wildcard
certificate on our CCA last Summer and wasn't having any success. It would
work up until I rebooted, then it would complain about the certificate
name not matching the configured hostname (obviously). I opened a case
with the TAC and this was their response (perhaps this has changed?):


> ---------- Forwarded message ----------
> Date: Thu, 11 May 2006 12:20:59 -0400
> Cc: attach Cisco <[log in to unmask]>
> Subject: Re: xxxxxxxx : Cisco Clean Access - Assistance Needed
>
> Mike,
>     CCA requires either the FQD or IP address in the CN of the certificate.
>     So no there is no way to use a wildcard certificate.


-Mike
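
Added example, not part of the thread and not Cisco's code: a shell check, run before uploading, that tells the two errors discussed above apart by testing whether a PEM certificate and private key are a pair and whether the certificate's CN is literally the configured name. The `*.example.edu` certificate, the `cca.example.edu` host name and the file names are constructed for the example.

```shell
#!/bin/sh
# Added example; names and files below are constructed, not from the thread.

# Succeeds when the first certificate in $1 carries the public key that
# belongs to the private key in $2 (both PEM; may be the same combined file).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: stops openssl from prompting if the key is still encrypted
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Number of certificates in a PEM file; openssl x509 reads only the first.
cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Subject CN of the first certificate in $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^.*CN=\([^,]*\).*$/\1/p'
}

# Succeeds only when the CN is literally the configured name in $2, the
# requirement quoted from TAC above; a wildcard CN fails this test.
cn_is_exact_name() {
    [ "$(cert_cn "$1")" = "$2" ]
}

# Constructed sample: throwaway key and self-signed wildcard cert in one PEM.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.example.edu' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
        cat "$1/key.pem" "$1/cert.pem" > "$1/combined.pem"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT && make_sample "$tmp" && {
    cert_matches_key "$tmp/combined.pem" "$tmp/combined.pem" && echo "key pair: match"
    echo "certificates in file: $(cert_count "$tmp/combined.pem")"
    echo "CN: $(cert_cn "$tmp/combined.pem")"
    cn_is_exact_name "$tmp/combined.pem" cca.example.edu || echo "CN is not the host name"
}
```

On a real export, point the functions at the PEM produced from the pfx; a `cert_count` above 1 means the file also holds chain certificates, and only the first one is compared.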
