Upload certificate with wildcard DNS restriction

Hi,

I love the ability to upload certificates. :clap: :clap: :clap:
A future request would be the ability to upload password-protected (encrypted) private keys, which can be decrypted on the fly. (I mean there is no need to store them encrypted within the “production” environment, but I think it is good practice not to shuffle unencrypted keys around outside it.)

Just a minor detail and not the topic of this post :grinning:

I’m not able to upload certificates with a wildcard in the DNS in the Subject Alternative Name such as *.example.com nor example.com. A wildcard in the CommonName works just fine.
I use home brew (self-signed CA) certificates in the test lab, so I wonder if I am doing something wrong there.

Has someone tried to upload a real certificate with a wildcard in the DNS Alternative Name?
(I don’t have one, they cost money…)

I have a wildcard cert, please give me some time to set up a test.

No hurry with this!

EDIT
It looks like it is impossible to upload a certificate with a DNS Alternative Name that differs from the server’s hostname. This means it’s impossible to upload a proper certificate for virtual hosts.
I will investigate.

This is nonsense!

Just uploaded a STARTSSL cert with a (non-wildcard) DNS Alternative Name and tested it on a virtual host, all fine.
So it is most likely that I make some faults in my home brew certs with a DNS wildcard.


Thanks for getting us updated about this :clap:

I successfully uploaded a wildcard certificate bought from StartSSL.

Thanks,

There is something wrong with my home brew certs :cry:

I just do not get it, as they work just fine after a manual install. :confused:
So that is the way to go on my test setups.

Would you mind sharing the error you get when you try to upload your cert?
Maybe I can find a clue.

OK, I’ll look into it and report back.

Sorry, it took a while.

Found my quirk: it’s my habit to name “wildcard certificates” with the last part of the FQDN:

A cert for *.example.com I call example.com; that dot in the name throws up this error:

I was misled by the error message. Again a very nice feature :thumbsup: with minor improvements possible:

- clearer error message (invalid filename?)
- the full path is shown under name, this could be slicker

And said before:

Thanks for the support!