M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

Wildcard certificate on MSM causes asterisk in DNS redirect

 
SOLVED
Go to solution
Highlighted
jholcombe
Advisor

Wildcard certificate on MSM causes asterisk in DNS redirect

Everything I read indicates that wildcard certificates (*.domain.com) are not supported on the MSM.  Is this still the case?  Is there a workaround for this problem?

 

When a user connected to an Access Controlled VSC opens a web browser, (when using a wildcard certificate) they are re-directed to http://*.domain.com:8080/index.asp   (where domain.com is our domain).  If you manually type the interface IP address of the controller in place of *.domain.com, then the correct authentication page loads.

 

The same is true once a user is authenticated.  Normally a session pop-up is supposed to appear.  However, the URL is wrong (contains the asterisk instead of the host name of the controller).  Han anyone run into this before?  Any help is much appreciated.

 

I am going to check DNS as well, but I figure the controller (since it is intercepting DNS) would be able to make it's own URL with a wildcard certificate.  Please let me know if there is a workaround for this.  Any help is greatly appreciated.

 

Thank you!,

 

--John

5 REPLIES 5
Highlighted
Peter_Debruyne
Honored Contributor
Solution

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

As far as I know this is not supported. I recommend my customers to use e.g. http://www.startcom.org/ to generate a free official certificate for the controller guest portal (1 free cert per domain I believe)

Remember to include the CRL URL of the certificate in the unauthenticated user ACL on the controller, so new guest systems are able to verify and resolved the CRL of the certificate, otherwise the browser can take a long time before it shows the secure login page (trying to check the CRL, but it fails since blocked by the controller)

 

best regards,Peter

Highlighted
jholcombe
Advisor

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

Thank you Peter. I think that is my best option for now. Hopefully HP will release some new code in the future that allows us to use our wildcard domain certificate.
Highlighted
LovatoG
Occasional Visitor

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

That is NOT SOLVED. The provided solution is just a workaround.

This is a SERIOUS bug of the MSM760 software. The redirect hostname should be configurable, not hardcoded in the SSL certificate, since a valid (and paid) wildcard certificate should be fine.

Highlighted

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

I have been using wildcard certs on the web management interface since back to at least 5.3.6 software. It works flawlessly. Installed from a PFX file and using a split DNS namespace.

Highlighted
SUQLD
Occasional Visitor

Re: Wildcard certificate on MSM causes asterisk in DNS redirect

This is also affecting us. Redirect hostname should be configurable!