Question by kamram (https://community.spiceworks.com/u/kamram), published 2020-05-14T04:50:09.000Z, 4 upvotes, 4 answers
https://community.spiceworks.com/t/generating-certificate-csr-for-multiple-servers/762629/1

Hi,

We are planning to purchase a new wildcard certificate for our internal servers:

server1.domain.com
server2.domain.com
server3.domain.com
etc.

We need to generate a CSR request to get the cert.
Which server should the CSR be generated on if we have multiple servers that will be using this cert? (all of them are Windows 2012R2/2016 servers with IIS)

Thank you!

Accepted answer by alexdavidson8771 (https://community.spiceworks.com/u/alexdavidson8771), published 2020-05-14T07:51:38.000Z, 3 upvotes
https://community.spiceworks.com/t/generating-certificate-csr-for-multiple-servers/762629/2

You can generate the CSR on any of the servers as they are all going to be covered by *.domain.com

Having just gone through this to get our current wildcard certificate set up on our SonicWall, this was what I did - although it seems too simple to be correct!

- Generated the CSR for the wildcard cert on server A (in our case, Exchange) for *.domain.com
- Imported the certificate to that server once the request was successful
- Exported the certificate from server A (in our case Exchange) - the export from the server should give you the option to export both the certificate and private key, and you’ll need to put a password in (which can be anything you like for now)
- Take that exported certificate and import it onto server B, remembering to also supply the import procedure with the password you used when exporting

You should be able to repeat the import using that same exported/password combo on any/all servers that meet the criteria of *.domain.com

As far as I can see there’s nothing wrong with that setup, and the only downside I can see is that when it comes time to renew you’ll need to generate the renew request from server A, then re-export the certificate once it’s re-validated and import it back onto the other servers it’s been deployed on. Although I’ve not had to deal yet with renewing a certificate that has been deployed elsewhere, so there might be an easier way to do that.

Suggested answer

To avoid wildcards, you could create the CSR on server1 and add server2 and 3 to the SAN (= Subject Alternative Name) of the certificate request.

I always use an inf file to be read by certreq to create the CSR. That way you are in complete control of the content of the CSR.
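
The two approaches from the answers in this thread, the certreq INF request with SAN entries and the export/import of the issued certificate with its private key, as an added PowerShell example (not code from any of the posters). The hostnames come from the question; the file names (request.inf, request.csr, issued.cer, server-cert.pfx) and the three function names are placeholders, and for the wildcard case the Subject and SAN entry would be *.domain.com instead.

```powershell
# Added example: hostnames, file names and function names are placeholders.
function New-SanCsr {                      # run on server A
    $inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=server1.domain.com"
KeyLength = 2048
KeySpec = 1               ; AT_KEYEXCHANGE
Exportable = TRUE         ; needed so the key can be moved to the other servers
MachineKeySet = TRUE      ; store the key in the computer store
HashAlgorithm = SHA256
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1   ; Server Authentication

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=server1.domain.com&"
_continue_ = "dns=server2.domain.com&"
_continue_ = "dns=server3.domain.com"
'@
    Set-Content -Path .\request.inf -Value $inf -Encoding ASCII
    certreq.exe -new .\request.inf .\request.csr   # send request.csr to the CA
}

function Export-ServerPfx([string]$Thumbprint, [securestring]$Password) {
    # Server A, after "certreq.exe -accept .\issued.cer" has installed the issued cert
    Export-PfxCertificate -Cert "Cert:\LocalMachine\My\$Thumbprint" `
        -FilePath .\server-cert.pfx -Password $Password
}

function Import-ServerPfx([securestring]$Password) {
    # Servers B and C. Without -Exportable the key is imported as non-exportable,
    # so only server A holds a copy that can be exported again.
    Import-PfxCertificate -FilePath .\server-cert.pfx `
        -CertStoreLocation Cert:\LocalMachine\My -Password $Password
    Remove-Item .\server-cert.pfx              # do not leave key material on disk
}
```

Collect the password with `Read-Host -AsSecureString` so it never appears in a script or in command history, and copy the PFX between servers over a protected channel, since anyone holding the file and its password holds the private key.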