Certificate information

Duchemin, Dominique 2,006 Reputation points
2021-04-22T04:38:31.147+00:00

Hello,

I read https://support.cloudways.com/difference-between-single-multiple-wildcard-ssl/ but I don't see much difference between the two types of certificate as all the ones we used seems to be issued individually for each server....

Which type of certificate should be selected from these two types:
Certificate Type
SSL (SAN - Multiple FQDN)
SSL (HTTPS - Single Site)

Does this next item reflect the intended purpose?
Which type of Web Server should be selected for them:
Type of Web Server
Microsoft IIS 5.x and later
Other

Which type of Issuer should be selected for them:
Issuer:
Internal CA
External InCommon

For the following servers….
Distribution Points:

Issued To: VRPSCCMDP01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMDP01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Distribution Point Certificate

Issued To: VRPSCCMDP01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate
Primary Server:
VRPSCCMPR01

Issued To: VRPSCCMPR01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMPR01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Distribution Point Certificate

Issued To: VRPSCCMPR01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM SCUP Signing Certificate

Issued To: VRPSCCMPR01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate
Management Server:
VRPSCCMMS03

Issued To: VRPSCCMMS03.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMMS03.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM IIS and Reporting Certificate

Issued To: VRPSCCMMS03.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate
SQL Server:
VRPSCCMSQL01

Issued To: VRPSCCMSQL01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMSQL01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate
Software Update Points:
VRPSCCMSU01

Issued To: VRPSCCMSU01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMSU01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM SCUP Signing Certificate

Issued To: VRPSCCMSU01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM Web Server Certificate

Other Software Updates point having the same type of certificates:
DGIT-SU-SCCM-DP01

Internet-Base Client Management :
VRPSCCMIBCM01
Issued To: VRPSCCMIBCM01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 1/5/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM Client Certificate

Issued To: VRPSCCMIBCM01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/24/2023
Intended Purposes: Client Authentication
Certificate Template: SCCM SCUP Signing Certificate

Issued To: VRPSCCMIBCM01.ad
Issued By: AD Certificate Authority-CA1
Expiration Date: 2/16/2023
Intended Purposes: Server Authentication
Certificate Template: SCCM IBCM Web Server Certificate
Reporting Service:
VRPSCCMRS01

All other distribution points have the same type of certificates…
AGOSCCMDP01; CHSSCCMDP01; CHSSCCMDP02; DGIT-DP-SCCM-P1; KSTSCCMDP01; SMHSCCMDP01; SMHSCCMDP02; VIPSCCMDP01; VIPSCCMDP02; VRPSCCMDP01; VRPSCCMDP02; VSPSCCMDP01

Thanks,
Dom

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,171 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,728 questions
Windows Hardware Performance
Windows Hardware Performance
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Hardware Performance: Delivering / providing hardware or hardware systems or adjusting / adapting hardware or hardware systems.
1,546 questions
0 comments
Accepted answer
  1. Daisy Zhou 18,706 Reputation points Microsoft Vendor
    2021-04-23T08:25:59.977+00:00

    Hello @Duchemin, Dominique ,

    Thank you for posting here.

    Here are the answers for your references.

    Q1: Which type of certificate should be selected from these two types:
    Certificate Type
    SSL (SAN - Multiple FQDN)
    SSL (HTTPS - Single Site)

    A: We can select based on your needs and requirements.

    If it is SSL (HTTPS - Single Site) certificate, only the certificate subject is the same as Single Site, the subject is the actual subject.

    If it is SSL (SAN - Multiple FQDN), if a SSL Certificate has a Subject Alternative Name (SAN) field, then SSL clients are supposed to ignore the Common Name value and seek a match in the SAN list. If one SAN matches, the subject is the actual subject.

    Q2: Does this next item reflect the intended purpose?
    Which type of Web Server should be selected for them:
    Type of Web Server
    Microsoft IIS 5.x and later
    Other

    A: Usually, we select certificate template based on the intended purpose to request certificate.

    For example:
    90529-extension1.png

    Q3: Which type of Issuer should be selected for them:
    Issuer:
    Internal CA
    External InCommon

    A: If you have your internal CA server with AD CS role installed and configured, you can use your Internal CA. If you do not have your internal CA server, you can select third-part CA to issue certificates (this may require payment).

    For how to compare subject when certificate is used, we can refer to similar link below.

    Subject Alternative Names: Compatibility
    https://www.digicert.com/faq/subject-alternative-name-compatibility.htm

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest