UC Certificate Nirvana | DigiCert Wildcard Plus

Nirvana?  Maybe not, but the DigiCert Wildcard Plus certificate is by far the best SSL certificate for all Cisco Collaboration applications that I have used.  Yes I know, most Cisco Collaboration applications do not officially support using wildcard certificates, but the DigiCert Wildcard Plus certificate is much more than just a *.

For detailed information, see DigiCert Wildcard Plus SSL Certificate.

Once Mr. Customer has purchased the DigiCert Wildcard Plus certificate, you will need to follow the outlined process to create duplicate server or Multi-SAN certificates.

  • Log in to the DigiCert customer portal and go to My Orders -> Manage Orders.
  • Click on the Order# that is specific to the WildCard Plus product.

  • You will now see the wildcard certificate that was purchased.  If the customer would like to use this wildcard, they can download it from this page.  You will also see a Reissue Actions section; this section is used only to manage and modify the wildcard certificate.  The Duplicate button allows you to make a duplicate certificate (add SANs), but you cannot change the Common Name, which is *.customer.com.

  • I prefer to make a duplicate server or Multi-SAN certificate and remove the wildcard.  This requires some assistance from DigiCert support, which has been good so far.  You will need to add a custom note using the Add a Note text box on the right side of the customer portal.

  • In the Add a Note text box you will need to specify that you would like to remove the wildcard, change the Common Name (CN), specify any additional Subject Alternative Names (SAN) that you need, and paste in the Certificate Signing Request (CSR).

Note: If this duplicate certificate is going to be Multi-SAN, please specify that they need to include the domain as a SAN.  This was the only issue I have had so far.  I was thinking they would add the domain as a SAN by default, but that was not the case.

This is a sample of what you should include in the note:

This is a multi-SAN CSR. I need the following, and please make sure the domain name is specified as a SAN.

Remove wildcard

Change CN= ucm1.customer.com

Add SANs= ucm2.customer.com, con1.customer.com, con2.customer.com, imp1.customer.com, imp2.customer.com, customer.com

-----BEGIN CERTIFICATE REQUEST-----

CSR goes here.

-----END CERTIFICATE REQUEST-----

  • Now that you have submitted the duplicate certificate request, you must contact DigiCert Support to have them generate the new certificate.  I have done this by sending them an email, by phone, or by using the chat feature on their customer portal.  Once they have generated the new certificate it will be posted to the customer portal for download under the Download Duplicate Certificates section.

  • Rinse and Repeat!
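
The Note above about the domain being left off the SAN list can be checked with OpenSSL on the downloaded duplicate certificate before it is installed. This is an added example, not part of the original post or any DigiCert tooling; the function names (list_sans, check_names, make_sample_csr) are made up here, the sample CSRs are constructed test input using the post's example hostnames, and it assumes the openssl CLI, version 1.1.1 or later.

```sh
#!/bin/sh
# Added example. Requires the openssl CLI (1.1.1+ for -addext).

# list_sans FILE: print the DNS SANs of a PEM CSR or certificate, one per line.
list_sans() {
    if grep -q 'CERTIFICATE REQUEST' "$1"; then
        openssl req -in "$1" -noout -text
    else
        openssl x509 -in "$1" -noout -text
    fi | tr ',' '\n' | sed -n 's/^ *DNS:\([^ ]*\).*$/\1/p'
}

# check_names FILE NAME...: succeed only if every NAME is present as a SAN
# and no wildcard SAN remains; print each problem found.
check_names() {
    file=$1; shift
    sans=$(list_sans "$file"); rc=0
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -qxF -- "$name" ||
            { echo "$file: missing SAN $name"; rc=1; }
    done
    if printf '%s\n' "$sans" | grep -q '^\*\.'; then
        echo "$file: wildcard SAN still present"; rc=1
    fi
    return $rc
}

# make_sample_csr OUT SANS: constructed test input (throwaway key and CSR).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=ucm1.customer.com" -addext "subjectAltName=$2" \
        -out "$1" 2>/dev/null
}

# Demo on constructed CSRs; bad.csr omits the bare domain, the case the Note warns about.
want="ucm1.customer.com ucm2.customer.com customer.com"
tmp=$(mktemp -d)
make_sample_csr "$tmp/good.csr" "DNS:ucm1.customer.com,DNS:ucm2.customer.com,DNS:customer.com"
make_sample_csr "$tmp/bad.csr" "DNS:ucm1.customer.com,DNS:ucm2.customer.com"
check_names "$tmp/good.csr" $want && echo "good.csr: all requested names present"
check_names "$tmp/bad.csr" $want || echo "bad.csr: send it back before installing"
```

For real use, call check_names with the path of the downloaded duplicate certificate followed by every name listed in the note.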

Oh yeah, drink the Kool-Aid…

 

Author: ciscokoolaid

Cisco Collaboration Architect.
