Wildcard installation ZD3000

  • 1
  • Question
  • Updated 7 years ago
Hello all,

Per instructions in the 9.6 ZD manual, I have tried (and failed) multiple times to import our domain wildcard cert. Per the instructions:
A wildcard certificate is a generic certificate that can be used for devices in a specific domain. This is useful for Smart Redundancy installations where you have two ZoneDirectors. You can purchase and install two certificates, or use a wildcard certificate.
When you try to import a wildcard certificate, the ZoneDirector will notify you that it does not
have the matching private key. At this point, click on the “click here” link to import the private
key. Once the private key is imported, try to import the certificate again. The ZoneDirector will
prompt you for the host name. Enter the hostname and ensure that your DNS server is
configured to resolve that name to the IP address of ZoneDirector.

Having done that, I get stuck in an endless loop of not being able to apply the cert, any help?
Photo of Linda Rudawitz

Linda Rudawitz

  • 5 Posts
  • 0 Reply Likes

Posted 7 years ago

  • 1
Photo of Lex


  • 13 Posts
  • 6 Reply Likes
Follow these steps to export a certificate with the private key (assumes Windows Server)


Once you have the PFX file it needs to be decrypted to be accepted by ZD. Download and install OpenSSL from http://www.slproweb.com/products/Win3...

Browse to the folder you have installed OpenSSL in command prompt and run the command

openssl pkcs12 -in [path]certificate.pfx -out [path]certificate.pem -nodes

You should be asked for the password specified when exporting the certificate with the private key in the first step.

Now continue on to the Zone Director, import the certificate, choose the option to accept certificate and install a matching private key, then click browse again and select the newly created .PEM file. The ZD will now ask you for the host name and offer to install the certifcate and reboot or continue with installing intermediate certificates.

Done! This needs to be added to the KB.