Forum Discussion

Ahmadj_283318
Nov 16, 2017

Wildcard certificate

What is the procedure to apply a wildcard certificate on the VSs?

 

8 Replies

  • To allow any sub domain to connect without SSL warning in client browsers.

     

    Example: if your wildcard cert is for *.test.com, then (anything).test.com is valid. E.g. and mail.test.com are valid using the same cert.

     

    Use it the same way as any other cert within an SSL profile.

     

  • Steps:

     

    A. Generate CSR using common name. Example: *.test.com
    B. Send CSR file to 3rd party vendor and they will give the certificates (including intermediate)
    C. Import the provided certs to F5 device
    D. Configure new SSL certs under Client profile
    E. Apply client profile to virtual server

     

  • Generate CSR:

     

    A. Login to F5 active device
    B. Go to System ›› File Management : SSL Certificate List
    C. Click create button and update the details as mentioned below

    Note: In common name you need to mention FQDN name. If it is not a wildcard certificate then you need to mention as FQDN name. If it is wild card mention * before FQDN. Always select key size as 2048.

     

    1. Download the CSR file and send to vendor

       

    2. Vendor will provide following certificates.

       

      • Website certificate -- This one you need to import
      • AddTrustExternalCARoot
      • UserTrustSAAddtrustCA
      • Trusted Secure Certificate Authority

     

    1. Now import the certs as mentioned below. System ›› File Management : SSL Certificate List ›› Import

    5. Key import details are mentioned below. System ›› File Management : SSL Certificate List ›› Import

     

    Both cert and key should have the same name

     

    Once cert, key and intermediate certs are imported we need to create SSL client profile

     

    6. Configure new SSL certs under Client profile

    Create a new profile as mentioned below. Go to Local Traffic ›› Profiles : SSL : Client. In Certificate, key and chain select the files which you created. Then click Add. Once certificate key chain is updated, click Finished.

    Most of the time you need to update the intermediate certificate. Then you need to bundle certificates other than website certificate and import and call in SSL client profile chain section.

    Please let me know if any more information is required.

     

    • Ahmadj_283318

      Now I received the webserver root certificate with the intermediate certificate, but when I tried to create the SSL profile, under Certificate Key chain I added the certificate but the intermediate does not appear under key or chain. I imported the intermediate as key.

       


  • @RaghavendraSY : your procedure will work because certificate authorities don’t use values in the CSR.

     

    "*" character is not a wildcard in common name but a *

     

    Wildcard is managed in Subject Alternate Name attribute. And CN certificate validation is deprecated if SAN is set.

     

    Now Google deprecated the CN certificate validation in Chrome browser to support only SAN validation.
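
The SAN-only matching mentioned in the last reply, applied to the `*.test.com` example from the first reply, as an added example that is not from the thread. The certificate dictionaries are constructed and follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; rejecting partial wildcards and requiring at least two literal labels after `*` are conservative assumptions of this sketch.

```python
def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """True if one SAN dNSName entry (possibly a wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if "*" not in pattern:
        return p == h
    # Assumption: "*" is accepted only as the whole leftmost label, with at
    # least two literal labels after it (so "*.com" or "m*.test.com" fail).
    if p[0] != "*" or len(p) < 3 or any("*" in lab for lab in p[1:]):
        return False
    return p[1:] == h[1:]


def cert_covers(cert, hostname):
    """Return the SAN entry that covers hostname, or None.

    Only subjectAltName DNS entries are consulted; the subject CN is ignored.
    """
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS" and san_matches(value, hostname):
            return value
    return None


# Constructed sample certificates (not real ones).
CERT_WITH_SAN = {
    "subject": ((("commonName", "*.test.com"),),),
    "subjectAltName": (("DNS", "*.test.com"),),
}
CERT_CN_ONLY = {
    "subject": ((("commonName", "*.test.com"),),),
}

if __name__ == "__main__":
    for host in ("mail.test.com", "test.com", "a.b.test.com"):
        print(host, "SAN cert:", cert_covers(CERT_WITH_SAN, host),
              "| CN-only cert:", cert_covers(CERT_CN_ONLY, host))
```

With a SAN of only `*.test.com`, the bare domain `test.com` and deeper names such as `a.b.test.com` are not covered, so the CSR needs a separate SAN entry for each of those if they are served from the same virtual server.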