Difference between revisions of "Unified Communications Certificate (SANS UCC Certificate)"


Revision as of 10:54, 18 December 2014

Unified Communications Certificate

[1]. Unified Communications Certificate.

A Unified Communications Certificate (UCC) is an SSL certificate that secures multiple domain names and multiple host names within a domain name. A UCC lets you secure a primary domain name and additional Subject Alternative Names* (SANs) in a single certificate.

For example, with a UCC certificate you can secure:

  • www.example.com
  • www.example1.com
  • www.example2.net
  • mail.example.net

[2]. Wildcard certificate.

The difference between a UCC and a wildcard certificate is that a wildcard certificate protects all first-level sub-domains of a single domain, such as *.example.com, but it cannot protect both www.example.com and www.example.org.

[3]. How to check the Subject Alternative Names.

When creating a CSR, we specify the names of the servers we would like the certificate to protect:

# /opt/zimbra/bin/zmcertmgr createcsr self -new -subjectAltNames "one.example.com,two.example.com"

The names requested in the CSR can be viewed using an openssl command:

# openssl req -text -noout -in /opt/zimbra/ssl/zimbra/server/server.csr

Certificate Request:

       Version: 0 (0x0)
       Subject: C=US, ST=N/A, L=N/A, O=Zimbra Collaboration Server, OU=Zimbra Collaboration Server, CN=one.example.com
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               Public-Key: (2048 bit)
               Exponent: 65537 (0x10001)
       Requested Extensions:
           X509v3 Basic Constraints:
           X509v3 Key Usage:
               Digital Signature, Non Repudiation, Key Encipherment
           X509v3 Subject Alternative Name:
               DNS:one.domain.com, DNS:one.example.com, DNS:two.example.com
   Signature Algorithm: sha256WithRSAEncryption

SAN: Subject Alternative Names allow you to specify a list of host names to be protected by a single SSL certificate.
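
An added example (not part of the original wiki page or of Zimbra's tooling): a Python check that reads the Subject Alternative Name line from `openssl req -text -noout` output and reports which required host names are not covered, applying the wildcard rule from [2]. The sample text is constructed, modelled on the CSR output above with a wildcard entry added for illustration, and the function names are hypothetical.

```python
# Constructed sample: the extensions part of `openssl req -text -noout` output,
# modelled on the CSR shown above, with a wildcard SAN added for illustration.
SAMPLE_CSR_TEXT = """\
        Requested Extensions:
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:one.example.com, DNS:two.example.com, DNS:*.example.net
    Signature Algorithm: sha256WithRSAEncryption
"""

def parse_san_dns(openssl_text):
    """Return the lower-cased DNS names listed in the SAN extension."""
    lines = openssl_text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            entries = [e.strip() for e in lines[i + 1].split(",")]
            return [e[4:].lower() for e in entries if e.startswith("DNS:")]
    return []  # no SAN extension in this output

def san_matches(pattern, host):
    """Match one SAN entry against a host name.

    A leading '*' stands for exactly one left-most label, so *.example.net
    covers mail.example.net but not example.net or a.b.example.net.
    """
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def uncovered_hosts(openssl_text, required_hosts):
    """Return the required host names that no SAN entry protects."""
    sans = parse_san_dns(openssl_text)
    return [h for h in required_hosts
            if not any(san_matches(s, h) for s in sans)]

if __name__ == "__main__":
    # Constructed list of hosts the certificate is expected to protect.
    wanted = ["one.example.com", "mail.example.net",
              "a.b.example.net", "www.example.org"]
    print("SAN entries:", parse_san_dns(SAMPLE_CSR_TEXT))
    print("not covered:", uncovered_hosts(SAMPLE_CSR_TEXT, wanted))
```

Running the same check against the real CSR before it is sent to the CA catches a missing or mistyped name while it is still cheap to regenerate the request.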

[4]. Additional information about certificates can be found here: https://wiki.zimbra.com/wiki/SSL_Certificates
