Certificate information

Duchemin, Dominique 2,006 Reputation points
2021-04-22T04:38:31.147+00:00

Hello,

I read https://support.cloudways.com/difference-between-single-multiple-wildcard-ssl/ but I don't see much difference between the two types of certificate, as all the ones we used seem to be issued individually for each server...

Which type of certificate should be selected from these two types:
Certificate Type
SSL (SAN - Multiple FQDN)
SSL (HTTPS - Single Site)

Does this next item reflect the intended purpose?
Which type of Web Server should be selected for them:
Type of Web Server
Microsoft IIS 5.x and later
Other

Which type of Issuer should be selected for them:
Issuer:
Internal CA
External InCommon

For the following servers….
Distribution Points:

Issued To: VRPSCCMDP01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMDP01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Distribution Point Certificate

Issued To: VRPSCCMDP01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate

Primary Server:
VRPSCCMPR01

Issued To: VRPSCCMPR01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMPR01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Distribution Point Certificate

Issued To: VRPSCCMPR01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM SCUP Signing Certificate

Issued To: VRPSCCMPR01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate

Management Server:
VRPSCCMMS03

Issued To: VRPSCCMMS03.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMMS03.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM IIS and Reporting Certificate

Issued To: VRPSCCMMS03.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate

SQL Server:
VRPSCCMSQL01

Issued To: VRPSCCMSQL01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMSQL01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate

Software Update Points:
VRPSCCMSU01

Issued To: VRPSCCMSU01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMSU01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM SCUP Signing Certificate

Issued To: VRPSCCMSU01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate

Other Software Update Point having the same type of certificates:
DGIT-SU-SCCM-DP01

Internet-Based Client Management:
VRPSCCMIBCM01

Issued To: VRPSCCMIBCM01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMIBCM01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/24/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM SCUP Signing Certificate

Issued To: VRPSCCMIBCM01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM IBCM Web Server Certificate

Reporting Service:
VRPSCCMRS01

All other distribution points have the same type of certificates…
AGOSCCMDP01; CHSSCCMDP01; CHSSCCMDP02; DGIT-DP-SCCM-P1; KSTSCCMDP01; SMHSCCMDP01; SMHSCCMDP02; VIPSCCMDP01; VIPSCCMDP02; VRPSCCMDP01; VRPSCCMDP02; VSPSCCMDP01

Thanks,
Dom


Accepted answer
  1. Anonymous
    2021-04-23T08:25:59.977+00:00

    Hello @Duchemin, Dominique,

    Thank you for posting here.

    Here are the answers for your reference.

    Q1: Which type of certificate should be selected from these two types:
    Certificate Type
    SSL (SAN - Multiple FQDN)
    SSL (HTTPS - Single Site)

    A: We can select based on your needs and requirements.

    If it is an SSL (HTTPS - Single Site) certificate, only the certificate subject is the same as the Single Site; the subject is the actual subject.

    If it is SSL (SAN - Multiple FQDN): if an SSL certificate has a Subject Alternative Name (SAN) field, then SSL clients are supposed to ignore the Common Name value and seek a match in the SAN list. If one SAN matches, the subject is the actual subject.

    Q2: Does this next item reflect the intended purpose?
    Which type of Web Server should be selected for them:
    Type of Web Server
    Microsoft IIS 5.x and later
    Other

    A: Usually, we select the certificate template based on the intended purpose when requesting a certificate.

    For example:
    [Image: 90529-extension1.png]

    Q3: Which type of Issuer should be selected for them:
    Issuer:
    Internal CA
    External InCommon

    A: If you have your internal CA server with the AD CS role installed and configured, you can use your Internal CA. If you do not have your internal CA server, you can select a third-party CA to issue certificates (this may require payment).

    For how the subject is compared when a certificate is used, we can refer to the similar link below.

    Subject Alternative Names: Compatibility
    https://www.digicert.com/faq/subject-alternative-name-compatibility.htm

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

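
The name-matching rule described in the answer above (SAN list takes precedence over the Common Name), shown for a single-site, a multi-SAN and a wildcard certificate. This is an added example, not part of the original thread; the certificates are modelled as plain dictionaries and every host name, function name and field name is a constructed assumption.

```python
# Added example: models certificate name matching; certificates are plain dicts,
# not parsed X.509. All host names below are constructed sample values.

def name_matches(cert_name: str, host: str) -> bool:
    """Compare one DNS name taken from a certificate with the requested host."""
    pattern = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    # Wildcard: "*" covers exactly one left-most label, never several.
    first_label, dot, rest = host.partition(".")
    return bool(first_label) and dot == "." and rest == pattern[2:]


def cert_covers(cert: dict, host: str) -> bool:
    """Apply the rule from the answer: if a SAN list exists, ignore the CN."""
    sans = cert.get("san_dns") or []
    if sans:
        return any(name_matches(name, host) for name in sans)
    # No SAN: fall back to the subject CN (legacy behaviour; some current
    # clients skip this fallback and require a SAN entry).
    return name_matches(cert.get("cn", ""), host)


def uncovered(cert: dict, hosts: list) -> list:
    """Return the hosts a planned certificate would NOT be valid for."""
    return [h for h in hosts if not cert_covers(cert, h)]


SINGLE_SITE = {"cn": "dp01.corp.example", "san_dns": []}
MULTI_SAN = {"cn": "dp01.corp.example",
             "san_dns": ["mp01.corp.example", "sup01.corp.example"]}
WILDCARD = {"cn": "*.corp.example", "san_dns": ["*.corp.example"]}
HOSTS = ["dp01.corp.example", "mp01.corp.example", "a.b.corp.example"]

if __name__ == "__main__":
    for label, cert in [("single", SINGLE_SITE), ("san", MULTI_SAN),
                        ("wildcard", WILDCARD)]:
        print(label, "does not cover:", uncovered(cert, HOSTS))
```

The `MULTI_SAN` case fails for its own Common Name, which is why a server's primary FQDN has to be repeated in the SAN list when a SAN certificate is requested.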
