This post covers wildcard certificate (*.domain.com) CSR generation, requesting the certificate from a Microsoft CA, and installing the certificate with chaining. The example used throughout is a CSR for a *.sslab.com certificate.
Create RSA key file
The first step in creating a CSR is to create the key file, which will be used for encryption and decryption. In other words, this key is critical to securing the data passing over SSL.
Traffic management – SSL – SSL Files – Select Keys – Create RSA Key.
Provide information as shown below.
- KeyFileName: SSLAB_COM_Wildcard.key
- Key size: 2048
- Public Exponent value: F4
- Key format: PEM
- PEM algorithm: DES3
- PEM Passphrase and confirm: password for key file (very important to remember)
Create Certificate request (CSR)
- Request file Name: SSLAB_COM_wildcard.csr
- Key file Name: SSLAB_COM_wildcard.key (created in previous step)
- Key format: PEM
- PEM Passphrase: password given for key file in last step
- Digest Method: SHA256
- Common Name: *.sslab.com
- Organization: SSLAB
- Department: IT
- Select state and country
Select the CSR and download it, then open it with a text editor.
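The settings above can be reproduced and checked with OpenSSL before the CSR goes to the CA. The script below is an added example, not part of the original post: the passphrase and the scratch directory are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: OpenSSL equivalent of the GUI
# settings above, followed by checks to run on the CSR before submitting it.
set -eu

WORK=$(mktemp -d)                      # scratch directory for the demo files
KEY="$WORK/SSLAB_COM_Wildcard.key"
CSR="$WORK/SSLAB_COM_wildcard.csr"
PASS='placeholder-passphrase'          # constructed value, use your own

make_key_and_csr() {
  # RSA 2048 with exponent F4 (65537, the genrsa default), PEM encrypted with DES3
  openssl genrsa -des3 -passout "pass:$PASS" -out "$KEY" 2048 2>/dev/null
  # State and country are left out because the post does not give values
  openssl req -new -sha256 -key "$KEY" -passin "pass:$PASS" \
    -subj '/O=SSLAB/OU=IT/CN=*.sslab.com' -out "$CSR"
}

csr_common_name() {   # prints the CN carried in the request
  openssl req -in "$1" -noout -subject -nameopt multiline |
    awk -F'= ' '/commonName/ {print $2}'
}

csr_params_ok() {     # self-signature valid, SHA256 digest, 2048-bit key, exponent F4
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  text=$(openssl req -in "$1" -noout -text)
  echo "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' &&
  echo "$text" | grep -q 'Public-Key: (2048 bit)' &&
  echo "$text" | grep -q 'Exponent: 65537'
}

key_matches_csr() {   # the moduli must be identical, or the wrong key file was picked
  k=$(openssl rsa -in "$1" -passin "pass:$PASS" -noout -modulus)
  c=$(openssl req -in "$2" -noout -modulus)
  [ "$k" = "$c" ]
}

make_key_and_csr
echo "CN: $(csr_common_name "$CSR")"
csr_params_ok "$CSR" && echo "CSR parameters match the settings above"
key_matches_csr "$KEY" "$CSR" && echo "Key file matches the CSR"
```

The same modulus comparison, using openssl x509 -noout -modulus on the issued certificate, confirms that the certificate returned by the CA belongs to this key file before it is installed.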
Generate Certificate from Microsoft CA or External CA
Open the CSR with a text editor or Notepad and copy the complete contents, without any trailing spaces at the end.
Send this information to an external CA such as GoDaddy or DigiCert. For a Microsoft certificate authority, the steps are below.
Select request certificate.
Copy the CSR contents as shown below, select type WEB SERVER, then submit.
Select Base 64 encoded and download the certificate, then rename it to wildcard.cer or similar.
Install certificate and Chaining
To install the certificate, go to Traffic management – SSL – Certificate – Server certificate – Click Install
Provide a decent name for the certificate; this will be the name visible in the GUI.
Choose the certificate file received from MS CA or external CA – Select the key file created in step 1 – provide password given in step 1 – Install
Download and install all ROOT and intermediate certificates. They should be installed under SSL – Certificates – CA certificates. Installing them is enough; no key file or password is required, because they are CA certificates, not our server certificate.
Then select our wildcard certificate and click on Link.
It should offer the ROOT CA or relevant intermediate certificate which is already installed – Click OK.
Now the wild card certificate is installed as shown below.
Hope this post is helpful.