

Get a Wildcard SSL Certificate for Your Website - DZone Security
source link: https://dzone.com/articles/getting-wildcard-certificate-for-your-app-at-no-co

Getting a Wildcard SSL Certificate for Your Website at No Cost
Getting a certificate for a lower environment can be difficult due to cost. Learn how to get a free wildcard certificate and configure it with your website.
When you work on a software deployment project, you deploy code to multiple environments and test it. Often you test the site over HTTP but not over HTTPS. Why? Because HTTPS needs an additional certificate. Getting a certificate for a lower environment can be difficult because of cost, but there is a way to get a wildcard certificate and configure it with your website.
You can implement a PKI solution by using the AD CS Windows Server role.
PKI (Public Key Infrastructure) is the combination of software, encryption technologies, processes, and services that enables an organization to secure its data, communications, and business transactions. PKI relies on the exchange of digital certificates between authenticated users and trusted resources. You use certificates to secure data and to manage identification credentials from users and computers both within and outside of your organization.
The AD CS Windows Server role enables scenarios such as secure wireless networks, virtual private networks, Internet Protocol security, Network Access Protection, and Encrypting File System.
Today we are going to see how to generate a wildcard certificate. There are two ways: one is to generate it by using IIS with an internal CA, and the other is to create it by using MMC with an internal CA. Let's look at these one at a time:
Pre-requisites:
1. AD and DNS servers are pre-installed on Windows Server 2012 or a later version.
2. The AD CS role (CA + CA Web Enrollment) is installed on a standalone Windows Server 2012 or later version.
Deployment Steps
1st Method:
1. Log in to the application server, open the IIS console, and click on Server Certificates under the server name:
2. Create a domain certificate as shown below.
3. Select Certification Authority and give it a friendly name.
4. Validate the certificate.
5. Bind the certificate to your website. Select the default website, click on Bind, choose type HTTPS, and then select the wildcard certificate that you created.
6. Make an alias entry on the DNS server that points to the app server where you installed the certificate.
7. Now you can browse the site on HTTPS. When you click on the lock icon on the browser, you see the valid certificate issued by the internal CA.
2nd Method:
1. Log in to the application server, open MMC, and add the Certificates snap-in.

2. Next select a computer account for certificate management and then select the local computer to open the console.

3. Right-click the Certificates folder, which is found under the Personal folder. Select All Tasks > Advanced Options > Create Custom Request:

4. In the Certificate Enrollment Page select Custom Request > Proceed without enrollment policy, and then select Next.

5. In the Custom Request Page select (No template) Legacy key from the drop-down and then select Next.

6. On the Certificate Information Page, expand the Details link, then select the Properties button.

7. On the General tab, complete the Friendly name field; optionally, you can add a description for the certificate. Then add the subject information, such as the common name for the wildcard certificate (*.sagarcloud.com), OU, Organization, State, and Country.

8. Select the Extensions tab. Under Key usage, select Digital signature and Key encipherment.

9. On the Private Key tab, set the key size to 4096 and select the option "Make private key exportable."

10. Click OK, Next, and Finish. Save the request file on a local drive. Now you have created a certificate request. The next step is to generate the certificate.
11. Log in to the CA server, browse to your internal CA web enrollment page (http://localhost/certsrv/Default.asp), and click on Request a certificate.

12. Click on advanced certificate request:

13. Open the previously created request file in Notepad (refer to step #10), copy all the data, and paste it into the Saved Request box. Select the Web Server template and click on Submit.

14. Once it is done, the CA will offer the certificate for download. Select Base 64 and download the certificate. Copy the certificate to the client machine where you raised the certificate request.

15. Connect to the client machine and open MMC. Right-click the Certificates folder in the Personal store and select Import to import the certificate.


Once you have performed all the above steps successfully, open the certificate and you should have a valid wildcard certificate.
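The second method can also be scripted with certreq.exe. The following is an added example, not part of the original article: it mirrors steps 3 to 15 from an elevated PowerShell prompt on the application server. The CA config string, working folder, and friendly name are placeholders, and the subject alternative name entry goes beyond the GUI steps above (current browsers validate the host name against the SAN, not the common name).

```powershell
# Added example: certreq.exe equivalent of the MMC custom request (steps 3-15).
# Run elevated. Values marked "placeholder" are assumptions, not from the article.
$caConfig = 'CA-HOST\CA-NAME'                 # placeholder: "<CA server>\<CA name>"
$work     = Join-Path $env:TEMP 'wildcard-req' # placeholder working folder
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Request definition. Single-quoted here-string keeps "$Windows NT$" literal.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Step 7: subject with the wildcard common name (add OU, O, S, C as needed)
Subject = "CN=*.sagarcloud.com"
FriendlyName = "Wildcard sagarcloud.com"
; Step 5: "(No template) Legacy key" means a CSP key rather than a CNG key
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
KeySpec = 1
; Step 8: 0x80 digital signature + 0x20 key encipherment
KeyUsage = 0xa0
; Step 9: 4096-bit key, exportable. Use FALSE if the key never has to leave this server.
KeyLength = 4096
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10

[Extensions]
; Not in the GUI steps: subject alternative name for the wildcard
2.5.29.17 = "{text}"
_continue_ = "dns=*.sagarcloud.com&"
'@
Set-Content -Path "$work\wildcard.inf" -Value $inf -Encoding ASCII

# Step 10: create the key pair and the PKCS#10 request file
certreq.exe -new "$work\wildcard.inf" "$work\wildcard.req"
# Steps 11-14: submit to the internal CA using the Web Server template
certreq.exe -submit -config $caConfig -attrib "CertificateTemplate:WebServer" "$work\wildcard.req" "$work\wildcard.cer"
# Step 15: install the issued certificate and pair it with the pending private key
certreq.exe -accept -machine "$work\wildcard.cer"

# Check the result: HasPrivateKey must be True before the certificate can be bound in IIS
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject.StartsWith('CN=*.sagarcloud.com') } |
    Select-Object Subject, NotAfter, HasPrivateKey, Thumbprint
```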
Let me know your thoughts about this article. If you want to know how to install the AD CS role (CA + CA Web Enrollment), leave a comment and I will share it in the next article.