# DirectAccess support for wildcard certificates


As you probably know, a Forefront UAG DirectAccess deployment requires a public key infrastructure (PKI) to issue certificates to DirectAccess clients, the Forefront UAG DirectAccess server, and the network location server.

Certificates used by DirectAccess can be categorized by:

When deploying Forefront UAG DirectAccess, the options for your network location server and IP-HTTPS certificates are to enroll the certificates manually or to use a wildcard certificate. Because Forefront UAG 2010 RTM supports the use of wildcard certificates, this is an option for DirectAccess.

Understanding Wildcard Certificates

A wildcard certificate is designed to support a domain and multiple subdomains. For example, configuring a wildcard certificate for *.contoso.com results in a certificate that will work for mail.contoso.com, web.contoso.com, and autodiscover.contoso.com.

Configuring DirectAccess wildcard use

During step 2 (UAG DirectAccess Configuration Wizard), the server certificate used to authenticate DirectAccess clients must be selected. In this step you are able to select a wildcard certificate. After selecting the wildcard certificate, you will be prompted to enter the full name, in this example https://da.mydomain.com
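An added example (not from the original post or from Microsoft): a Python check of which names a wildcard certificate covers, following the RFC 6125 rule that `*` stands for exactly one left-most label. The certificate name `*.mydomain.com` and the extra candidate hostnames are constructed for illustration; only `https://da.mydomain.com` comes from the post.

```python
from urllib.parse import urlsplit


def host_from_input(value: str) -> str:
    """Extract the host from a name or URL such as https://da.mydomain.com."""
    parts = urlsplit(value if "//" in value else "//" + value)
    return parts.hostname or ""


def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """True if cert_name (exact or wildcard) covers hostname."""
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if "" in pattern or "" in host:
        return False  # empty label: malformed name
    if any("*" in label for label in pattern[1:]):
        return False  # wildcard is allowed only in the left-most label
    if "*" not in pattern[0]:
        return pattern == host  # ordinary name: exact match
    if pattern[0] != "*" or len(pattern) < 3:
        # Conservative choice: reject partial wildcards (w*.x.y) and *.tld
        return False
    # "*" stands for exactly one label, so the label counts must be equal.
    return len(host) == len(pattern) and host[1:] == pattern[1:]


def coverage(cert_names, candidates):
    """Map each candidate name or URL to whether any certificate name covers it."""
    return {
        c: any(wildcard_matches(n, host_from_input(c)) for n in cert_names)
        for c in candidates
    }


if __name__ == "__main__":
    # Constructed sample data: one wildcard name and three candidate names.
    cert_names = ["*.mydomain.com"]
    candidates = [
        "https://da.mydomain.com",   # full name entered in the wizard
        "mydomain.com",              # bare domain: not covered
        "nls.corp.mydomain.com",     # two labels deep: not covered
    ]
    for name, ok in coverage(cert_names, candidates).items():
        print(f"{name:28} {'covered' if ok else 'NOT covered'}")
```

The wildcard covers one level of subdomain only, so a network location server or IP-HTTPS name that sits deeper than that, or on the bare domain, needs its own certificate or an additional name.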

 

Resources

Planning CAs and certificates for Forefront UAG DirectAccess SP1

Designing your PKI for Forefront UAG DirectAccess

Accepted wildcards
