Does NetOps Portal support wildcard SAN entries in SSL Certificates


Article ID: 266587


Products

Network Observability CA Performance Management

Issue/Introduction

Are signed SSL Certificates using wildcard-based CN and/or SAN entries supported for HTTPS configurations in Portal?

Does DX NetOps Performance Management Portal web server support wildcard SAN entries in SSL Certificates?

Environment

All supported DX NetOps Performance Management releases

Resolution

Note that although using wildcard entries can sometimes ease administration, it is not recommended because of the security implications it might raise.

Despite the potential security risk, we do support the use of wildcard SAN entries in signed SSL Certificates.

This works as long as the Web Site Host value is set to the host name users use to access the Portal web UI, and that name is matched by one of the wildcard SAN entries.

Additional Information

Alternative solution: To ease certificate administration, some users have generated a signed certificate that lists every NetOps server host name that has SSL configured as a SAN entry. This way only one certificate is needed, since it has a SAN entry for all hosts that might be SSL configured.

Additional notes:

  • In releases 21.2.12 through 22.2.3 we required that only the Web Site Host value be used for web client access. That requirement was removed with the 22.2.4 release.
  • In releases 22.2.4+ Web Site Host should be set to the same hostname used for email report links and notification URLs.
  • In releases 22.2.7+ we use:
    • Web Site Host for internal SSO->Portal calls for JSPs.
    • Web Service Host for internal PC/DM/EM->SSO calls.
    • The web client can be accessed using whatever host entries are in the signed SSL Certificate SAN entries.
    • This requires that the values set for both Web Site Host and Web Service Host be entered as SAN entries in the signed SSL Certificate.
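
The SAN requirements above can be checked before a certificate is installed. The following Python is an added example, not part of the original article or the product. It assumes the common RFC 6125 wildcard rules (a `*` replaces exactly one left-most label), and all host names and SAN values in it are constructed.

```python
# Added example: check that the Portal host settings are covered by a
# certificate's DNS SAN entries. All names below are constructed samples.

def san_matches(host: str, san: str) -> bool:
    """Return True if a DNS SAN entry covers host (RFC 6125 style matching)."""
    host_labels = host.lower().rstrip(".").split(".")
    san_labels = san.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must be equal.
    if len(host_labels) != len(san_labels):
        return False
    if san_labels[0] == "*":
        # Require at least two labels after the wildcard (reject "*.com").
        if len(san_labels) < 3:
            return False
        return host_labels[1:] == san_labels[1:]
    # A "*" anywhere other than the whole left-most label is not honoured.
    if any("*" in label for label in san_labels):
        return False
    return host_labels == san_labels


def uncovered_hosts(settings: dict, sans: list) -> dict:
    """Map each setting name to its host value when no SAN entry covers it."""
    return {
        name: host
        for name, host in settings.items()
        if not any(san_matches(host, san) for san in sans)
    }


# Constructed sample values (assumptions, not taken from the article).
SAMPLE_SANS = ["*.netops.example.com", "portal.example.com"]
SAMPLE_SETTINGS = {
    "Web Site Host": "portal.netops.example.com",
    "Web Service Host": "sso.internal.netops.example.com",
}

if __name__ == "__main__":
    for name, host in uncovered_hosts(SAMPLE_SETTINGS, SAMPLE_SANS).items():
        print(f"{name} = {host} is not covered by any SAN entry")
```

With the sample values, the Web Service Host value is reported because it sits two labels below the wildcard's domain, so that name would need its own SAN entry.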