

Accepted Solution

Wildcard SSL cert error

Posts: 31
14206     0

I'm trying to import an SSL cert to Infoblox using the procedure in KB #3084.  It's a wildcard cert signed by and is working on everything else in our environment, but I get this error in Infoblox:


Could not find a CSR with a matching public key




Any ideas on what I can do about that?




Re: Wildcard SSL cert error

Posts: 136
14207     0

Hi Blair,


You should be able to generate a CSR for a wildcard cert from the Infoblox appliance and then load the cert, but unfortunately the import of a general wildcard cert is currently not supported.


Re: Wildcard SSL cert error

Posts: 1
14207     0

I hesitate to ask that this be a Request For Enhancement, as I believe that not supporting general wildcard certificates is a bug and should be fixed.


In any case, please fix this. The underlying Apache software that is used to drive the web facing interface can easily support it and it appears that the only limitation here is an artificial one created by engineering within Infoblox itself.

Re: Wildcard SSL cert error

Posts: 132
14207     0

There is an existing Request for Enhancement, RFE-311, requesting support for the ability to import a wildcard certificate and the associated private key. You should ask your account team (sales representative and systems engineer) to add your organization as another customer requesting this feature. (If you don't know who your account team is, send me an email at and I'll find their contact info for you.)


Incidentally, in my opinion this would really be a new feature, not a bug fix. The Infoblox NIOS software generates its own private / public key pair on the appliance; the public key is used for the Certificate Signing Request (CSR) and gets included in the resulting certificate installed into NIOS, but the private key never leaves the appliance. (It can't be exported or otherwise copied.) This is a security feature designed to minimize the possibility that someone else can use the private key and associated certificate to impersonate your Grid Master and do a man-in-the-middle attack where they could steal login credentials and snoop on other sensitive information.


By definition a wildcard certificate is (re)used on multiple systems, and that requires being able to copy both the certificate and the private key into whatever new system wants to use the wildcard certificate. So in order to support wildcard certificates NIOS would have to support import of a private key, which it does not currently do. If Infoblox were to add such a capability then anyone doing such an import would have to accept the added security risk of a possible MITM attack, as discussed in the previous paragraph.
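
The error in the first post is about key correspondence, not the name in the subject: a certificate is only accepted for a key pair whose CSR was generated on the appliance. The script below is an added example, not part of the thread and not Infoblox code; it shows one way to compare the public key in a certificate with the one in a CSR using openssl, and all file names and the `example.test` subjects are constructed.

```shell
#!/bin/sh
# Added example: all keys, CSRs and certificates below are constructed samples.

# Print the PEM public key embedded in a certificate ("x509") or a CSR ("req").
pubkey_of() {
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# Succeed only if both files parse and carry the same public key.
cert_matches_csr() {
    cert_key=$(pubkey_of x509 "$1") || return 2
    csr_key=$(pubkey_of req "$2") || return 2
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Build constructed sample material in a scratch directory and print its path.
make_samples() {
    d=$(mktemp -d) || return 1
    # Stand-in for the key pair and wildcard CSR generated on the appliance.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout "$d/appliance.key" -out "$d/appliance.csr" 2>/dev/null
    # Stand-in for a wildcard cert created elsewhere with its own key pair.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
        -keyout "$d/wildcard.key" -out "$d/wildcard.crt" 2>/dev/null
    # Stand-in CA that signs the appliance CSR.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl x509 -req -in "$d/appliance.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/from_csr.crt" 2>/dev/null
    echo "$d"
}

# Same subject on both certificates; only one was issued for the CSR's key.
dir=$(make_samples)
for crt in wildcard.crt from_csr.crt; do
    if cert_matches_csr "$dir/$crt" "$dir/appliance.csr"; then
        echo "$crt: public key matches the CSR"
    else
        echo "$crt: no CSR with a matching public key"
    fi
done
rm -rf "$dir"
```

Running the same comparison against the real certificate and the CSR downloaded from the appliance shows, before any import attempt, whether the certificate was issued for that CSR.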




Re: Wildcard SSL cert error

Posts: 60
14207     0

"Old" thread, but if you're looking for this, it's scheduled in v8.4...

Re: Wildcard SSL cert error

Posts: 1
14207     0

Is this scheduled to come out in release 8.4?  I have a similar issue but slightly different.  I am using a wildcard certificate w/ SAN to populate over multiple systems thus reducing the cost for individual certs for each system.  I would also like the ability to either import the wildcard cert or have a way to import the CSR and Key the wildcard certificate was created with.

Re: Wildcard SSL cert error

Moderator bkoshy
Posts: 133
14207     0

Apparently, RFE-311 above was implemented in NIOS ver 8.3.0.

You'll find this documented in the release notes as

Support of wildcards in the certificate subject (RFE-311)
NIOS now supports SSL/TLS (x509) server certificates with a ‘*’ in the subject.

Nothing should really stop you from using wildcard certificate w/ SAN to populate over multiple systems.

However, CSR/Private key generation for Infoblox systems outside Infoblox is not currently allowed and is still an active FR [RFE-3882 - Ability to import Private Keys with Certificates in NIOS].

Best Regards,

Bibin Thomas
