orani
New Member
May 20, 2020
Question

SSL certificates


I need to use SSL certificates for some of my subdomains, so I bought a domain certificate with unlimited subdomains.

 

I need to use this certificate for my FortiGate's VPN portal, for my FortiMail encryption portal and some other portals of other devices.

 

Do I need to create a separate certificate for vpnportal.mydomain.com, or can I just upload my mydomain.com certificate to the firewall and use it in the VPN settings? And the same on FortiMail and the other devices?

    2 replies

    emnoc
    New Member
    May 20, 2020

    Just upload it. Is this a SAN certificate? And is the name you want in the subject alternative? As long as you have a proper certificate and you have the private key, you can always import the certificate.

     

    Ken Felix

    AdiMizil
    New Member
    May 23, 2020
    Ken is right: when you issue the CSR you need to fill in the SAN fields with all the domains you need the certificate to protect.

    Adi

    TecnetRuss
    Visitor III
    May 23, 2020

    When I read "unlimited subdomains" I'm wondering if you mean a wildcard certificate.  If you do have a wildcard certificate then you're good to go - just import it.  It will automatically work with any subdomain of your primary domain, e.g. a "*.mydomain.com" certificate will work with vpn.mydomain.com, firewall.mydomain.com, etc.  There's no need to have specified all the subdomains manually/individually when you filled out the CSR before it is issued.

     

    Or did you really mean "unlimited domains" as in a multi-SAN certificate (multi-Subject Alternative Names) that supports different domains (e.g. vpn.mydomain.com, vpn.myotherdomain.com)?  Most of the SSL vendors I've dealt with put a limit on SANs or charge per SAN (e.g. 5-SAN UCC certificates, Let's Encrypt supports up to 100 SANs).  If that really is what you have then, as Ken and Adi have mentioned, you do have to manually specify all the domains you're going to use it on in the SAN fields of your CSR when you request it.  Once you have all your SANs in your issued multi-SAN certificate, that one certificate can be used on all your different devices, services, websites, etc.

     

    Russ NSE7

    emnoc
    New Member
    May 26, 2020

    SAN or wildcard is good to use; it simplifies the cert management vs. managing hundreds of different certificates, IMHO.

     

    The earlier statement about limits in the AltName field is correct, but you can get around this by mixing in wildcards and specific altNames.

     

    e.g.

     

    web1.yourdomain2.com

    *.yourdomain3.com

    web1.yourdomain4.com

    *.example.com

    *.example.edu

    *.example.net

     

    You could in fact have a SAN certificate for 1 thousand or 1 million hosts installed by using wildcards in the altName ;)

     

    Ken Felix

     

     

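A pre-deployment check for the wildcard and mixed-SAN certificates discussed in this thread, as an added example that is not from any of the posters: it tests which planned hostnames a SAN list actually covers, using the standard rule that `*` stands for exactly one leftmost label. The SAN list is constructed sample data modelled on the list above, and the function names are hypothetical.

```python
# Added example: match hostnames against SAN dNSName entries (RFC 6125 style).
# SAN_ENTRIES is constructed sample data modelled on the list in the thread.
SAN_ENTRIES = [
    "web1.yourdomain2.com",
    "*.yourdomain3.com",
    "web1.yourdomain4.com",
    "*.example.com",
]


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels or "*" in hostname:
        return False
    if p_labels[0] == "*":
        # Only a whole leftmost label may be a wildcard; "*.com" is refused.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "w*.example.com" are not accepted here.
    return "*" not in pattern and p_labels == h_labels


def covering_entry(hostname: str, san_entries=SAN_ENTRIES):
    """Return the first SAN entry that covers hostname, or None."""
    for entry in san_entries:
        if san_matches(entry, hostname):
            return entry
    return None


def audit(hostnames, san_entries=SAN_ENTRIES):
    """Map each planned hostname to its covering SAN entry (None = uncovered)."""
    return {h: covering_entry(h, san_entries) for h in hostnames}


if __name__ == "__main__":
    planned = [
        "vpn.yourdomain3.com",      # covered by the wildcard
        "yourdomain3.com",          # bare domain: not covered by *.yourdomain3.com
        "mail.eu.yourdomain3.com",  # two labels deep: not covered
        "web1.yourdomain2.com",     # exact SAN entry
        "web2.yourdomain2.com",     # no matching entry
    ]
    for host, entry in audit(planned).items():
        print(f"{host:26} {'OK via ' + entry if entry else 'NOT COVERED'}")
```

The two cases that most often surprise people are the bare domain and names nested more than one label deep: neither is covered by a single `*.domain` entry, so each needs its own SAN.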