Upload certificate with wildcard DNS restriction

mark_nl · October 10, 2016, 3:30pm

HI,

I love the ability to upload certificates.
a future request would be the ability to upload password protected (encrypted) private keys, witch can be de- crypted on the fly. (i mean there no need to store them encrypted within the “production” environment but think is is good practice not to shuffle un-encrypted keys around outside it)

Just a minor detail and not the Topic of this post

I’m not able to upload certificates with a wildcard in the DNS in the Subject Alternative Name such as *.example.com nor example.com. A wildcard in the CommonName works just fine.
I use home brew (self signed CA) certificates in the test lab, so i wonder if i am doing something wrong there.

Has someone tried to upload a real certificate with a wildcard in the DNS Alternative Name?
(i don’t have one, they cost money…)

filippo_carletti · October 10, 2016, 3:54pm

I have a wildcard cert, please give me some time to setup a test.

mark_nl · October 10, 2016, 5:31pm

Have no hurry with this!

EDIT
It looks like it is impossible to upload a certificate with a DNS Alternative Name that differs from the server’s hostname. This means its impossible to upload a proper certificate for virtualhosts.
I will investigate.

mark_nl · October 10, 2016, 5:30pm

This is nonsense !

Just uploaded a STARTSSL cert with a (non wildcard) DNS Alternative Name and tested it on a virtual host, al fine.
So it most likely i make some faults in my home brew cert’s with a DNS wildcard.

alefattorini · October 11, 2016, 9:46am

Thanks for getting us updated about this

filippo_carletti · October 11, 2016, 3:01pm

I successfully uploaded a wildcard certificate bought from StartSSL.

mark_nl · October 11, 2016, 3:20pm

Thanx,

There is something wrong with my home brew certs ,

I just do not get it as they work just fine after a manual install.
So that the way to go on my test-setups.

filippo_carletti · October 11, 2016, 3:22pm

Would you mind sharing the error you get when you try to upload your cert?
Maybe I can find a clue.

mark_nl · October 11, 2016, 3:26pm

Oke, i’ll look in to it and report back

mark_nl · October 19, 2016, 8:00pm

Sorry took a while

Found my quirk, it’s my habit to name “wildcard certificates” with the last part of the FQDN,:

cert for *.example.com I call example.com, that dot in the name throws up this error:

I was misled by the error message. Again a very nice feature with minor improvements possible:

clearer error message (invalid filename?)

the full path is shown under name, this could be slicker

And said before:

Thnx for the support!