Hi all. Is anyone here running the ICG with a wildcard certificate?
Hi @member! Yes, I do.
anything special that we need to be aware about, we have been trying for the past 2 days but so far didn’t get it working.
I would check if:
1. the Certifcate Chain is complete
2. you might need to import the private Key
You need not only a wildcard certificate, you also need to create a signed Cert based on that wildcard cert, so a full chain of trust.
Also, ensure that *.domain.com domain.com AND domain .com are part of the certificate (CN and SAN) like what’s shown below:
To Lars’ point, the root certificate portion of the chain is what the ICG uses to validate on via the certificate and private key in the form of a keystore file.
Here’s what my ICG certificate looks like in the UMS:
Chain, cert, and private key are critical with the CN and SANs aligned like what I posted above.
oh you use letsencypt? how do you handle the frequent renewals?
Please don’t use lets encrypt. You will regret that decision if you ever miss the endpoint certificate update.
To Chris’ point, Let’s Encrypt is not a great choice for production workloads. For a test environment (aka NON-PRODUCTION), Let’s Encrypt is a great way of quickly standing something up that works well with full SSL support.
i fully agree will you guys. we got the wildcard working, but i had to recreate the ICG to be able to use it, as i was not able to update the Ca and teh cert chain
Thanks for the update. When you say recreate, do you mean reinstall via the UMS where the ICG is removed and readded? Or do you mean a full uninstall/reinstall?
I had to remove via the UMS and then add a new ICG via the UMS
Continue reading and comment on the thread ‘Anyone here running the IGEL ICG with a wildcard certificate?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!