I hesistate to ask this be a Request For Enhancement, as I believe that not supporting general wildcard certificates is a bug and should be fixed.

In anycase, please fix this. The underlying apache software that is used to drive the web facing interface can easily support it and it appears that the only limitation here is an artificial one created by engineering within Infoblox itself.

There is an existing Request for Enhancement, RFE-311, requesting support for the ability to import a wildcard certificate and the associated private key. You should ask your account team (sales representative and systems engineer) to add your organization as another customer requesting this feature. (If you don't know who your account team is, send me an email at fhecker@infobloxfederal.com and I'll find their contact info for you.)

Incidentally, in my opinion this would really be a new feature, not a bug fix. The Infoblox NIOS software generates its own private / public key pair on the appliance; the public key is used for the Certificate Signing Request (CSR) and gets included in the resulting certificate installed into NIOS, but the private key never leaves the appliance. (It can't be exported or otherwise copied.) This is a security feature designed to minimize the possibility that someone else can use the private key and associated certificate to impersonate your Grid Master and do a man-in-the-middle attack where they could steal login credentials and snoop on other sensitive information.

By definition a wildcard certificate is (re)used on multiple systems, and that requires being able to copy both the certificate and the private key into whatever new system wants to use the wildcard certificate. So in order to support wildcard certificates NIOS would have to support import of a private key, which it does not currently do. If Infoblox were to add such a capability then anyone doing such an import would have to accept the added security risk of a possible MITM attack, as discussed in the previous paragraph.

Frank

"Old" thread, but if you're looking for this, it's scheduled in v8.4...

Is this scheduled to come out in release 8.4?  I have a similiar issue but slightly different.  I am using a wildcard certificate w/ SAN to populate over multiple systems thus reducing the cost for individual certs for each system.  I would also like the ability to either import the wildcard cert or have a way to import the CSR and Key the wildcard certificate was created with.

Apparently, RFE-311 above was implemented in NIOS ver 8.3.0.

You'll find this documented in the release notes as

Support of wildcards in the certificate subject (RFE-311)
NIOS now supports SSL/TLS (x509) server certificates with a ‘*’ in the subject.

Nothing should really stop you from using wildcard certificate w/ SAN to populate over multiple systems.

However, CSR/Private key generation for Infoblox systems outside Infoblox is not currently allowed and is still an active FR [RFE-3882 - Ability to import Private Keys with Certificates in NIOS].


Best Regards,

Bibin Thomas