On Sun, 2016-06-12 at 16:39 +0000, xinhuan zheng wrote:
> I need to deploy multiple 389 directory server instances into production environment. I want to know if 389 directory server
> supports wildcard server certificate. Currently the subject for my instance is:
>
> Subject: "CN=dmdev1.christianbook.com,OU=389 Directory Server"
>
> When using wildcard, it will be:
>
> Subject: "CN=*.christianbook.com,OU=389 Directory Server"

Yes.

>
> Is it possible?
>
> I guess GoDaddy might be able to support wildcard certificate but I am not sure. Does anyone know about it?

No sorry. Wild cards cost a lot.

I would recommend a better approach. NSS supports SAN (SubjectAlternativeNames) on certs. So you make a cert with:

certutil -R -f pwdfile.txt -d . -t "C,," -x -n "Server-Cert" -g 2048 \
  -s "CN=nss.dev.example.com,O=Testing,L=example,ST=Queensland,C=AU" \
  -8 "nss.dev.example.com,nss-alt.dev.example.com" -o nss.dev.example.com.csr

This certificate once signed would be useable with:

* nss.dev.example.com
* nss-alt.dev.example.com

There's no real limit to how many alternative names you can have, but it's a good idea to plan your deployment so you don't have to keep re-issuing these when you request more certs.

Remember, this still needs signing so you would need to send the .csr to your CA.

I hope that helps you,

>
> Thanks,
> - xinhuan
> --
> 389-users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx

--
Sincerely,

William Brown
Software Engineer
Red Hat, Brisbane
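Added example, not part of the original thread and not 389 DS or NSS code: a small matcher that applies the usual RFC 6125 rules to show which planned hostnames a wildcard name or a SAN list actually covers. It is stricter than some clients in that it refuses partial-label wildcards; the hostname ldap.dev.christianbook.com is a constructed sample value.

```python
# Added example: which hostnames does a set of certificate dNSNames cover?
# Simplified RFC 6125 matching; not the matching code of NSS or any client.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """True if one certificate name `pattern` covers `host`."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so the apex domain and
        # deeper sub-domains are never covered by "*.example.com".
        return False
    if p[0] == "*":
        # Refuse overly broad names such as "*.com".
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    # A "*" anywhere else (partial label, inner label) is refused here.
    return "*" not in pattern and p == h

def cert_covers(dns_names, host):
    """True if any name in the certificate covers `host`."""
    return any(name_matches(n, host) for n in dns_names)

def uncovered(dns_names, hosts):
    """Hosts from the deployment plan that the certificate would NOT cover."""
    return [h for h in hosts if not cert_covers(dns_names, h)]

# Names taken from the thread.
WILDCARD = ["*.christianbook.com"]
SAN_LIST = ["nss.dev.example.com", "nss-alt.dev.example.com"]

if __name__ == "__main__":
    # Constructed deployment plan for the wildcard case.
    plan = ["dmdev1.christianbook.com",
            "ldap.dev.christianbook.com",
            "christianbook.com"]
    print("wildcard does not cover:", uncovered(WILDCARD, plan))
    print("SAN list does not cover:",
          uncovered(SAN_LIST, ["nss.dev.example.com", "other.dev.example.com"]))
```

Running the same check over the list of instance hostnames before generating the CSR shows whether the -8 list is complete, which avoids a re-issue later.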