topic Re: Wildcard certificate on MSM causes asterisk in DNS redirect in M and MSM Series

Wildcard certificate on MSM causes asterisk in DNS redirect

jholcombe — Thu, 17 Jan 2013 20:55:43 GMT

Everything I read indicates that wildcard certificates (*.domain.com) are not supported on the MSM. Is this still the case? Is there a workaround for this problem?

When a user connected to an Access Controlled VSC opens a web browser, (when using a wildcard certificate) they are re-directed to http://*.domain.com:8080/index.asp (where domain.com is our domain). If you manually type the interface IP address of the controller in place of *.domain.com, then the correct authentication page loads.

The same is true once a user is authenticated. Normally a session pop-up is supposed to appear. However, the URL is wrong (contains the asterisk instead of the host name of the controller). Han anyone run into this before? Any help is much appreciated.

I am going to check DNS as well, but I figure the controller (since it is intercepting DNS) would be able to make it's own URL with a wildcard certificate. Please let me know if there is a workaround for this. Any help is greatly appreciated.

Thank you!,

--John

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

Peter_Debruyne — Thu, 17 Jan 2013 22:05:33 GMT

As far as I know this is not supported. I recommend my customers to use e.g. http://www.startcom.org/ to generate a free official certificate for the controller guest portal (1 free cert per domain I believe)

Remember to include the CRL URL of the certificate in the unauthenticated user ACL on the controller, so new guest systems are able to verify and resolved the CRL of the certificate, otherwise the browser can take a long time before it shows the secure login page (trying to check the CRL, but it fails since blocked by the controller)

best regards,Peter

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

jholcombe — Tue, 05 Feb 2013 19:31:54 GMT

Thank you Peter. I think that is my best option for now. Hopefully HP will release some new code in the future that allows us to use our wildcard domain certificate.

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

LovatoG — Wed, 28 May 2014 15:14:47 GMT

That is NOT SOLVED. The provided solution is just a workaround.

This is a SERIOUS bug of the MSM760 software. The redirect hostname should be configurable, not hardcoded in the SSL certificate, since a valid (and paid) wildcard certificate should be fine.

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

Henning Søilen — Fri, 20 Jun 2014 07:08:46 GMT

I have been using wildcard certs on the web management interface since back to at least 5.3.6 software. It works flawlessly. Installed from a PFX file and using a split DNS namespace.

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

SUQLD — Mon, 12 Jun 2017 02:55:51 GMT

This is also affecting us. Redirect hostname should be configurable!