I need to use ssl certificates for some of my subdomains, so i bought a domain certificate with unlimited subdomains.
I need to use this certificate for my fortigate's vpn portal, for my fortimail encryption portal and some other portals of other devices.
Do i need to create a separate certificate for vpnportal.mydomain.com or i can just upload my mydomain.com certificate to firewall and use it at the vpn settings? and same at fortimail and the other devices?
Orestis Nikolaidis
Network Engineer/IT Administrator
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Just upload it, is this a SANs certificate ? And the name you want is in the subject alternative ? As long as you have a proper certificate and you have the private-key , you can always import the certificate
Ken Felix
PCNSE
NSE
StrongSwan
When I read "unlimited subdomains" I'm wondering if you mean a wildcard certificate. If you do have a wildcard certificate then you're good to go - just import it. It will automatically work with any subdomain of your primary domain, e.g. a "*.mydomain.com" certificate will work with vpn.mydomain.com, firewall.mydomain.com, etc. There's no need to have specified all the subdomains manually/individually when you filled out the CSR before it is issued.
Or did you really mean "unlimited domains" as in a multi-SAN certificate (multi-Subject Alternative Names) that supports different domains (e.g. vpn.mydomain.com, vpn.myotherdomain.com)? Most of the SSL vendors I've dealt with put a limit on SANs or charge per SAN (e.g. 5-SAN UCC certificates, LetsEncrypt supports up to 100 SANs). If that really is what you have then as Ken and Adi have mentioned you do have to manually specify all the domains you're going to use it on in the SAN fields of your CSR when you request it. Once you have all your SANS in your issued multi-SAN certificate that one certificate can be used on all your different devices, services, websites, etc.
Russ NSE7
SAN or wildcard is good to use, simplify the cert management vsr managing hundreds of different certificates imho
earlier statement about limits in AltName field is correct but you can get around tyis by mix'ing in wildcards and specific altNames
e.g
web1.yourdomain2.com
*.yourdomain3.com
web1.yourdomain4.com
*.example.com
*.example.edu
*.example.net
You could in fact have SAN certificate for 1 thousand or 1 million hosts installed by using wildcards in the altName ;)
Ken Felix
Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.