Windows – Wildcard certificate with SAN

Tags: certificate, encryption, iis, ssl, windows

I am attempting to create a wildcard SSL cert with a Subject Alternative Name (SAN) for use in IIS 7.5 and I'm having some issues. Because I need to include a SAN, I am using the Custom Certificate Request tool under the Certificates snap-in on Windows.

Thus far, I have managed to get a working wildcard certificate when I use the IIS 7.5 Create Certificate Request wizard, and a working SAN certificate when I use the Custom Certificate Request wizard (in the Certificates snap-in), but I have been unable to get both working in the same cert.

The cert which I generated with the Custom Certificate Request wizard has the following properties:

Subject Name:

  • CN=*.domain.local

Alternative Name:

  • DNS=domain.local

Extended Key Usage:

  • Server Authentication

(Private) Key Type:

  • Exchange

(Private) Key Options:

  • Key size: 2048
  • [x] Make private key exportable

With the above cert in IIS 7.5, requests to the SAN of https://domain.local are secure, but https://*.domain.local requests are insecure, with the browser stating that the cert is only valid for domain.local (instead of *.domain.local).

Ultimately, my objective is to have a cert which works on *.domain.local and domain.local.

Using the Custom Certificate Request wizard in the Windows Certificates snap-in, how can I create a certificate request for a cert containing a wildcard and a SAN attribute?

Best Answer

When a subject alternative name is in place, the common name (edit: from the subject) is no longer used. Solution: Add the wildcard name to the list of subject alternative names.
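The same request expressed as a certreq INF file, as an added example that is not part of the answer above: it reproduces the options chosen in the question (2048-bit exportable Exchange key, Server Authentication EKU) and puts both the wildcard and the bare domain into the subjectAltName extension, which is the fix the answer describes. The domain name and the file paths are assumptions; replace them with your own.

```powershell
# Added example (not from the original post). Builds a certreq.inf whose
# SAN lists BOTH *.domain.local and domain.local, then generates the request.
# "domain.local" and the $env:TEMP paths below are assumptions.
$inf = @'
[NewRequest]
; The CN is ignored by browsers once a SAN is present, so it is cosmetic here.
Subject = "CN=*.domain.local"
KeyLength = 2048
; "Make private key exportable"
Exportable = TRUE
; 1 = AT_KEYEXCHANGE, i.e. the "Exchange" key type from the wizard
KeySpec = 1
; digitalSignature + keyEncipherment
KeyUsage = 0xA0
; Keep the key in the machine store so IIS can use it
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
HashAlgorithm = sha256

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
; 2.5.29.17 = subjectAltName. The wildcard entry here is what makes
; https://host.domain.local validate; the bare name covers https://domain.local.
2.5.29.17 = "{text}"
_continue_ = "dns=*.domain.local&"
_continue_ = "dns=domain.local"
'@

$infPath = Join-Path $env:TEMP 'wildcard-san.inf'   # assumed path
$reqPath = Join-Path $env:TEMP 'wildcard-san.req'   # assumed path
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Generate the PKCS#10 request; this also creates the private key in the machine store.
certreq.exe -new $infPath $reqPath

# Verify before submitting to the CA: both names must appear under
# "Subject Alternative Name" in the decoded request.
certutil.exe -dump $reqPath | Select-String -Pattern 'DNS Name='
```

Submit the resulting .req to the CA as usual; once the issued certificate comes back, `certreq.exe -accept <issued.cer>` pairs it with the private key created above, after which it can be bound to the site in IIS. The `certutil -dump` check at the end is the quickest way to confirm the wildcard actually made it into the SAN before the CA signs anything.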
