vSG doesn't allow CSR creation for wildcard certificate?

I'm running vSG 3.4.1 and tried to create a CSR for a wildcard certificate, but when I enter *.mydomain.com in the Common Name field it turns red and won't accept that and says I need a "fully qualified domain name" there. Does the vSG really not support wildcard certs? Or am I doing something wrong?

Jim Michael

Posted 7 months ago

PARESH PATEL

Hi Jim,
Can you import a certificate?
I have implemented this on vSZ-H without even generating a CSR. I am using a wildcard cert for vSZ.

I imported a wildcard cert. Fill out the fields Server Cert, Intermediate CA cert and Private key.

and applied the cert on Management web and Hotspot (WISPr).

Hope this helps!!

Jim Michael

Thanks, Paresh. I was able to export the cert from an IIS box with the key file and it imported fine. Because we use DigiCert with unlimited re-issues, I often just do a CSR and get a new cert specific to the device simply because it's so fast and easy... but there appears to be something wrong with the way Ruckus implemented their cert process in vSZ... Once I got around the issue above just by giving it a full hostname (I've never seen a device complain about a wildcard in the common name, but whatever), I then created a CSR, uploaded it to DigiCert, got my cert back and attempted to import it, but the vSZ made me either 1. Point at a key file (which I clearly didn't have since the appliance didn't give me one during CSR creation), or 2. Point AT the CSR I'd just created, a drop-down in the import UI. That #2 option (my only option) simply does not work... it complains that the key doesn't match the server... so something is broken in their logic, or maybe it's a result of them not accepting a wildcard in the common name and making me add a hostname just to get the CSR created.

Anyway, exporting from another server with the key and importing worked great. Thanks!
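
An added example, not part of the thread and not Ruckus tooling: one way to create a wildcard key and CSR with OpenSSL on an admin workstation and to confirm, before importing, that the private key, CSR and certificate carry the same public key (the kind of mismatch the import error above complains about). The domain example.com, the file names and the self-signed stand-in certificate are constructed; OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example. example.com and all file names are constructed placeholders.
set -eu

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_fp() {  # usage: pubkey_fp key|csr|cert FILE
    case "$1" in
        key)  set -- pkey -in "$2" -pubout ;;
        csr)  set -- req  -in "$2" -noout -pubkey ;;
        cert) set -- x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac
    # Fail closed: an unreadable file must never hash to a "matching" value.
    pem=$(openssl "$@" 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# True only when both files carry the same public key.
same_key() {  # usage: same_key TYPE_A FILE_A TYPE_B FILE_B
    fp_a=$(pubkey_fp "$1" "$2") || return 1
    fp_b=$(pubkey_fp "$3" "$4") || return 1
    [ "$fp_a" = "$fp_b" ]
}

# Create a key and a wildcard CSR on an admin workstation (not on the appliance).
make_wildcard_csr() {  # usage: make_wildcard_csr DOMAIN KEY_OUT CSR_OUT
    openssl req -new -newkey rsa:2048 -nodes -keyout "$2" -out "$3" \
        -subj "/CN=*.$1" -addext "subjectAltName=DNS:*.$1,DNS:$1" 2>/dev/null
    chmod 600 "$2"
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
make_wildcard_csr example.com "$work/wild.key" "$work/wild.csr"
make_wildcard_csr example.com "$work/other.key" "$work/other.csr"
# Constructed stand-in for the CA-issued certificate: self-signed from wild.key.
openssl req -x509 -new -key "$work/wild.key" -subj "/CN=*.example.com" \
    -days 1 -out "$work/wild.crt" 2>/dev/null

same_key key "$work/wild.key" cert "$work/wild.crt" &&
    echo "wild.key matches wild.crt: this pair can be imported together"
same_key key "$work/other.key" cert "$work/wild.crt" ||
    echo "other.key does not match wild.crt: expect a key-mismatch error"
```

The same `same_key` check works on a key and certificate exported from another server, once the export has been converted to PEM.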