Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 38 subscribers
  • Views 1485 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG 18.0.5 WAF LetsEncrypt Wildcard certificate

AlexanderPoettinger

I have a LetsEncrypt certificate with the following parameters (sorry for the substitutions, but there's customer names in the domain/hostnames):

CN = {HOSTNAME1}.{DOMAINNAME1}.de

DNS-Name=*.{HOSTNAME1}.{DOMAINNAME1}.de
DNS-Name={HOSTNAME2}.{DOMAINNAME1}.de
DNS-Name={HOSTNAME1}.{DOMAINNAME1}.de
DNS-Name={HOSTNAME3}.{DOMAINNAME1}.de

Which means, that it should be a wildcard certificate for {HOSTNAME1}.{DOMAINNAME1}.de

I have succesfully imported the certificate into the XG firewall.

Unfortunately the only domain name allowed by the Webserver Protection rule is {HOSTNAME1}.{DOMAINNAME1}.de, that is the CN entry.

All the other DNS names are rejected when I save the rule.

Any idea on where it's going wrong?



This thread was automatically locked due to age.
  • 0

    While having a Certificate with multiple SAN's, by default the WAF will only pick the CN and give you an error for everything else.

    But if you ignore the error message and save the WAF Policy, the certificate will be used as expected for all clients.

    Here's the message It shows:

    If you click on "OK", It will save the WAF Policy and use the selected certificate as expected.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

Unfiltered HTML