
#DirectAccess support for wildcard certificates

As you probably know, a Forefront UAG DirectAccess deployment requires a public key infrastructure (PKI) to issue certificates to DirectAccess clients, the Forefront UAG DirectAccess server, and the network location server.

Certificates used by DirectAccess can be categorized by:

When deploying Forefront UAG DirectAccess, the options for your network location server and IP-HTTPS certificates are to enroll the certificates manually or to use a wildcard certificate. Because Forefront UAG 2010 RTM supports wildcard certificates, a wildcard certificate is an option for DirectAccess.

Understanding Wildcard Certificates

A wildcard certificate is designed to support a domain and multiple subdomains. For example, configuring a wildcard certificate for * results in a certificate that will work for,, and

Configuring DirectAccess wildcard use

During step 2 (UAG DirectAccess Configuration Wizard), the server certificate must be selected to authenticate DirectAccess clients. In this step you are able to select a wildcard certificate. After selecting the wildcard certificate you will be prompted to enter the full name. In this example
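The full name entered in the wizard has to be a name the wildcard certificate actually covers. The following is an added example, not part of the original post: it applies the standard rule that `*` stands for exactly one left-most DNS label and checks candidate full names against a certificate's names. The `example.com` hostnames and the function names are constructed for illustration.

```python
# Added example: which full names a wildcard certificate name covers.
# All hostnames are constructed (example.com); none come from the original post.
import ipaddress


def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    return name.lower().removesuffix(".").split(".")


def name_matches(cert_name: str, full_name: str) -> bool:
    """True if one certificate name (CN or SAN dNSName) covers full_name."""
    try:
        ipaddress.ip_address(full_name)
        return False  # a DNS name in the certificate never covers an IP literal
    except ValueError:
        pass
    pattern, host = _labels(cert_name), _labels(full_name)
    if "" in pattern or "" in host or len(pattern) != len(host):
        return False  # empty label, or '*' would have to span several labels
    if pattern[0] != "*":
        return pattern == host  # ordinary name: exact match only
    if len(pattern) < 3 or "*" in "".join(pattern[1:]):
        return False  # reject '*.com' style names and a second wildcard label
    return pattern[1:] == host[1:]  # '*' absorbs exactly the left-most label


def covering_names(cert_names: list[str], full_name: str) -> list[str]:
    """Certificate names that cover full_name; an empty list means a mismatch."""
    return [n for n in cert_names if name_matches(n, full_name)]


if __name__ == "__main__":
    cert_names = ["*.example.com"]  # constructed wildcard certificate
    candidates = [
        "da.example.com",        # one label under the domain: covered
        "nls.corp.example.com",  # two labels deep: not covered
        "example.com",           # the bare domain: not covered by '*' alone
    ]
    for candidate in candidates:
        hits = covering_names(cert_names, candidate)
        print(f"{candidate:22} {'OK' if hits else 'MISMATCH'} {hits}")
```

A certificate that should also serve the bare domain needs that name as a separate entry next to the wildcard, as `covering_names(["*.example.com", "example.com"], "example.com")` shows.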



Planning CAs and certificates for Forefront UAG DirectAccess SP1

Designing your PKI for Forefront UAG DirectAccess

Accepted wildcards
