none
Wildcard certificate error RRS feed

  • Question

  • I try to use wildcard ceritifcate (issued by Let's Encrypt) for ADFS servcies. I still got the error that "authcert" is not a part of the SPN
    Sunday, October 20, 2019 8:19 PM

Answers

  • Normal wildcard certificate only works for per level of wildcard.
    abc.domain.com
    efg.domain.com
    Not
    abc.edg.domain.com

    If you need that, you need to create SAN certificate with multiple wildcards.
    *.domain.com
    *.edg.domain.com

    • Marked as answer by Tom1PL Wednesday, October 23, 2019 2:18 PM
    Wednesday, October 23, 2019 6:38 AM

All replies

  • Hiya,

    Certificates and SPN's(Service Principal Name) doesn't have anything to do with each other.
    It sounds like you are missing an SPN on your ADFS service name maybe?
    ADFS doesn't have any problems using wildcard certificates.

    Got any more error details?

    Monday, October 21, 2019 5:46 AM
  • I guess the error is with too complicated adress, since it is in such format:

    a.b.c.d.e

    and the certificate is for *.d.e

    Monday, October 21, 2019 5:27 PM
  • Normal wildcard certificate only works for per level of wildcard.
    abc.domain.com
    efg.domain.com
    Not
    abc.edg.domain.com

    If you need that, you need to create SAN certificate with multiple wildcards.
    *.domain.com
    *.edg.domain.com

    • Marked as answer by Tom1PL Wednesday, October 23, 2019 2:18 PM
    Wednesday, October 23, 2019 6:38 AM
  • I guess it is a typo. It was probably meant to be read "SAN" not "SPN" :)

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, October 23, 2019 2:00 PM
    Owner
  • Like I thought, thanks.
    Wednesday, October 23, 2019 2:17 PM
  • SPN, yes. Typing on a phone with screen keyboard is not the most convinient.
    Wednesday, October 23, 2019 2:18 PM
  • You mean SAN again? Or are we really talking Kerberos here?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, October 23, 2019 4:19 PM
    Owner