rajpaalsinha
New Member
April 3, 2025
Question

Can I secure SSL VPN with a wildcard cert, if SSL VPN is IP based?

I am trying to put a cert on the SSL VPN. All I have access to is wildcard certs. I have already tried and failed, and now I am wondering if I can or if I am doing it wrong.

4 replies

AEK
SuperUser
April 3, 2025

Yes you can, but you need to access it via FQDN (e.g.: ssl.mydomain.com), not IP address, otherwise the cert is useless.

AEK
Hassan97wsh
Staff
April 6, 2025

The IP address will not match the certificate wildcard subject name or alternative subject name. The wildcard certificate cannot be used to authenticate the server by its IP address.

jiahoong112
Staff
April 7, 2025

The wildcard certificate will only apply if the method you are using to connect to the SSL VPN is FQDN based. In this case, you'll have to bind your public IP with an FQDN or use FortiDDNS: https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/685361/ddns

joshbergm
Explorer
April 11, 2025

Hi,

You can do this if you add the IP address in the SAN name field.
However it's better to use a FQDN.
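
The matching rule the replies above describe, as an added example that is not part of the thread or of any vendor's code: a simplified Python sketch of how a TLS client compares the name the user typed against a certificate's SAN entries. The SAN lists, the documentation IP 203.0.113.10 and the helper names are constructed for illustration, and partial wildcards such as `f*.example.com` are not handled.

```python
import ipaddress

# Constructed SAN lists as (type, value); mydomain.com is the thread's placeholder domain.
WILDCARD_ONLY = [("DNS", "*.mydomain.com")]
WITH_IP_SAN = [("DNS", "*.mydomain.com"), ("IP", "203.0.113.10")]  # documentation IP


def _dns_match(pattern: str, host: str) -> bool:
    """Compare one dNSName SAN with a hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # '*' covers exactly one label, never several
    if p_labels[0] == "*":
        # Left-most wildcard stands for one non-empty label; the rest must be equal
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_matches(target: str, sans) -> bool:
    """Return True if the name or address the client connects to is covered."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is compared only with iPAddress entries, never DNS ones,
        # which is why a wildcard-only certificate fails for IP-based access.
        return any(t == "IP" and ipaddress.ip_address(v) == ip for t, v in sans)
    return any(t == "DNS" and _dns_match(v, target) for t, v in sans)


def report(sans):
    """Evaluate a fixed set of constructed targets against one SAN list."""
    targets = ["ssl.mydomain.com", "a.b.mydomain.com", "mydomain.com", "203.0.113.10"]
    return {t: san_matches(t, sans) for t in targets}


if __name__ == "__main__":
    for name, sans in (("wildcard only", WILDCARD_ONLY),
                       ("wildcard + IP SAN", WITH_IP_SAN)):
        print(name, report(sans))
```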