Menu

SSL Certificate - Could we use a wildcard certificate

0 votes

We are updating our public SSL certificate and would like to utilize a wildcard certificate instead. Does the application support that?
At the moment - we are getting a error, but we can see that it is using the new wildcard certificate.

in Security by (120 points)
dbFront should not care as long as the certificate allows the browser to complete a valid SSL connection to the web server.   dbFront only reports and warns about the lack of an SSL secured connection.   What error are you getting?
The error we get with with our expired dbfront.domain.com certificate and new *.domain.com certificate is the same.

Error is "the connection is invalid. SSL certificate expired" however, the details below (on the same error page) shows certificate CN *.domain.com with certificate validity until July 19, 2023
Is there a load balancer in the mix?  Internally dbFront uses the Request.IsSecureConnection() call in c#.    See: https://stackoverflow.com/questions/12725859

1 Answer

0 votes

I am going to assume that the issue was the load balancer. Please indicate if there is something else going on.

The issue with using a LoadBalancer is that they are often the termination point for the SSL connection. The LoadBalancer forwards the conversation to the WebServer/dbFront as plain, unsecure HTTP. This means that the client sees that the connection is running over SSL but dbFront and the WebServer only see HTTP which is unsecure.

One solution would be to configure dbFront to look for custom HTTP headers added by the LoadBalancer. This would need to be site specific.

Let me know if that functionality is required.

by (65.1k points)
Welcome to the dbFront Q&A site, where you can ask questions and receive answers from other members of the community.
 | Minimalist Answer Theme by Digitizor Media
 |
Powered by Question2Answer
...