M and MSM Series
1748063 Members
5543 Online
108758 Solutions
New Discussion юеВ

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

 
SOLVED
Go to solution
jholcombe
Advisor

Wildcard certificate on MSM causes asterisk in DNS redirect

Everything I read indicates that wildcard certificates (*.domain.com) are not supported on the MSM.  Is this still the case?  Is there a workaround for this problem?

 

When a user connected to an Access Controlled VSC opens a web browser, (when using a wildcard certificate) they are re-directed to http://*.domain.com:8080/index.asp   (where domain.com is our domain).  If you manually type the interface IP address of the controller in place of *.domain.com, then the correct authentication page loads.

 

The same is true once a user is authenticated.  Normally a session pop-up is supposed to appear.  However, the URL is wrong (contains the asterisk instead of the host name of the controller).  Han anyone run into this before?  Any help is much appreciated.

 

I am going to check DNS as well, but I figure the controller (since it is intercepting DNS) would be able to make it's own URL with a wildcard certificate.  Please let me know if there is a workaround for this.  Any help is greatly appreciated.

 

Thank you!,

 

--John

5 REPLIES 5
Peter_Debruyne
Honored Contributor
Solution

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

As far as I know this is not supported. I recommend my customers to use e.g. http://www.startcom.org/ to generate a free official certificate for the controller guest portal (1 free cert per domain I believe)

Remember to include the CRL URL of the certificate in the unauthenticated user ACL on the controller, so new guest systems are able to verify and resolved the CRL of the certificate, otherwise the browser can take a long time before it shows the secure login page (trying to check the CRL, but it fails since blocked by the controller)

 

best regards,Peter

jholcombe
Advisor

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

Thank you Peter. I think that is my best option for now. Hopefully HP will release some new code in the future that allows us to use our wildcard domain certificate.
LovatoG
New Member

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

That is NOT SOLVED. The provided solution is just a workaround.

This is a SERIOUS bug of the MSM760 software. The redirect hostname should be configurable, not hardcoded in the SSL certificate, since a valid (and paid) wildcard certificate should be fine.

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

I have been using wildcard certs on the web management interface since back to at least 5.3.6 software. It works flawlessly. Installed from a PFX file and using a split DNS namespace.

SUQLD
Occasional Visitor

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

This is also affecting us. Redirect hostname should be configurable!