Can I make a wildcard certificate for IIS? - Openssl

This is a discussion on Can I make a wildcard certificate for IIS? - Openssl ; I am developing a web application at home using XP Pro and IIS 5.1. I want to use https:// to access the application. I made a certificate for localhost using OpenSSL, and it work fine on my XP. I need ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Can I make a wildcard certificate for IIS?

  1. Can I make a wildcard certificate for IIS?


    I am developing a web application at home using XP Pro and IIS 5.1. I want to
    use https:// to access the application. I made a certificate for localhost
    using OpenSSL, and it work fine on my XP. I need to access the application
    from other place, like in the same network or from the Internet. I find out
    my cell phone (LG KS20) cannot accept the certificate, since it does not
    match the web site (192.168.1.100).

    Could I make a wildcard certificate for all situation (localhost,
    192.168.1.100, ???.mydomain.no-ip.org, etc)? That is, can I put * as the
    common name for the certificate?

    Thank you for any suggestion.
    --
    View this message in context: http://www.nabble.com/Can-I-make-a-w...p18678153.html
    Sent from the OpenSSL - User mailing list archive at Nabble.com.
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. Re: Can I make a wildcard certificate for IIS?


    Thank you for your reply. Althought there are many TERMS I don't understand,
    thank you very much. I ill learn more. :clap:


    Loren M. Lang wrote:
    >
    > dumbloser wrote:
    >> I am developing a web application at home using XP Pro and IIS 5.1. I
    >> want to
    >> use https:// to access the application. I made a certificate for
    >> localhost
    >> using OpenSSL, and it work fine on my XP. I need to access the
    >> application
    >> from other place, like in the same network or from the Internet. I find
    >> out
    >> my cell phone (LG KS20) cannot accept the certificate, since it does not
    >> match the web site (192.168.1.100).
    >>
    >> Could I make a wildcard certificate for all situation (localhost,
    >> 192.168.1.100, ???.mydomain.no-ip.org, etc)? That is, can I put * as the
    >> common name for the certificate?

    >
    > There is no wildcard that matches everything. I tend to use the split
    > views DNS feature in BIND for this where it will report a different
    > answer to clients outside the firewall than inside it. Barring that,
    > two DNS names, one for inside and outside would work using the
    > subjectAltName extension. You can also specify IP address alt names as
    > well. Your CN should be set to exactly one name for compatibility and
    > should be repeated in the subjectAltName extension along with other names.
    >
    > subjectAltName = DNS:*.mydomain.no-ip.org, DNS:localhost,
    > IP:192.168.1.100, IP:::1
    >
    >>
    >> Thank you for any suggestion.

    >
    >
    > --
    > Loren M. Lang
    > lorenl@alzatex.com
    > http://www.alzatex.com/
    >
    >
    > Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
    > Fingerprint: 10A0 7AE2 DAF5 4780 888A 3FA4 DCEE BB39 7654 DE5B
    >
    >
    >


    --
    View this message in context: http://www.nabble.com/Can-I-make-a-w...p18788040.html
    Sent from the OpenSSL - User mailing list archive at Nabble.com.
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread