Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

basics logo Security Basics mailing list archives

Re: SSL Certificates
From: "Ale x" <gbanger () gmail com>
Date: Wed, 10 Dec 2008 18:02:09 +1100
You can just export the Certificate to a .pfx file and import to another server.
What they told you is correct in terms of generating the CSR on a
particular server, then you can only complete the certificate
generation on that server with that same Certification Request. This
does not mean that the certificate only works on this server. There is
specific information about that server in the CSR but once the
Certificate has been generated that is not relevant - it is only used
for the creation process.

I had to create a certificate for our Citrix Access Gateway the other
day.. I created the CSR in IIS on a test vmware server, generated the
certificate with Verisign, exported it and imported to the CAG and got
rid of the vm server.

Cheers



On Wed, Dec 10, 2008 at 2:18 AM, Dan Denton <ddenton () remitpro com> wrote:

Sorry for pulling a stupid!

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Dan Denton
Sent: Monday, December 08, 2008 6:48 PM
To: 'CORP John Porter'; security-basics () securityfocus com
Subject: RE: SSL Certificates

John,

You'll need what's usually referred to as a "wildcard certificate". One of
these will cover multiple servers under the same domain name. For example,
abc.company.com, xyz.company.com, mail.company.com, etc....

Dan



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of CORP John Porter
Sent: Monday, December 08, 2008 3:27 PM
To: security-basics () securityfocus com
Subject: SSL Certificates

I am trying to use a Wildcard SSL certificate, i.e. *.company.com, for
authentication to a wireless network and I can't get it to work. I have
been given about 6 different reasons for why it isn't working. The
latest explanation is that when you get an SSL certificate from GoDaddy
or Entrust you must first create a Certificate Signing Request that you
then submit to the Authority. The theory is that even though you request
a certificate for a CN of *, the CSR has information about the server
that created the CSR and that therefore the wildcard certificate will
work for any sub-domain of company.com, but only on the server that
created the CSR. Therefore, if I have 5 different servers where I want
to use *.company.com, I must create. 5 CSRs, and purchase 5
certificates. Does this make sense?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]