If you plan to use a self-signed SSL certificate (instead of obtaining a certificate from a commercial CA), you can
create one using AMC. A host is not selected for the certificate, because there is no one to one mapping of
certificates to hosts. Wildcard certificates allow one certificate to map to multiple hosts. In addition, a
self-signed SSL certificate can be created with multiple FQDN or IP addresses.
In the AMC, navigate to System Configuration > SSL Settings.
In the SSL Certificates area, click Edit.
Click the + (New) icon.
Select Create self-signed certificate from the menu.
In the Fully qualified domain name field, type a wildcard domain name such as
or type the individual server name as you want it to appear in the certificate:
The main appliance certificate can be a wildcard certificate, or you might type something like
vpn.example.com. You must add this name to your external DNS to make the appliance
accessible to users.
This is the name users will enter for access to Web-based resources on your network. For a
wildcard certificate, the * matches any string of characters up to the dot, such as specific server
names. You also reference this name when configuring the Connect clients to provide access to
- If this certificate will be used by AMC (as opposed to WorkPlace), you might type something like
amc.example.com. In most cases, you should add this name to your internal DNS to simplify
access to AMC.
Any number of SANs can be added to a certificate, but the text input field is 1,000 characters
maximum. Simply enter multiple FQDNs and/or IPv4 or IPv6 addresses separated by commas.
SANs can contain wildcard entries (
*.example.com, *.access.example.com), unique
access.example.com, vpn.example.com), and IP addresses.
The entered FQDNs and IP addresses are encoded in the subject alternative name certificate
extension and FQDNs are encoded as an additional SAN name in the certificate. If a SAN is an IP
address, it is encoded as an IPAddress in the SAN extension instead of a DNSName.
In the Alternative names field, type any additional FQDNs or IP addresses that should appear in the
certificate using the Subject Alternative Name certificate extension. Separate multiple alternative names
and IP addresses with a comma.
In the Organization field, type the company or organization name as you want it to appear in your SSL
In the Country field, type the two-letter abbreviation for your country. For a list of valid country codes, go
to the International Organization for Standardization (ISO) Web site at http://www.iso.org and look for
information on ISO 3166-1.
In the Key size list, select the key length you want to use for the key. Larger keys increase security.
In the Signature list, select the algorithm used for the certificate.
Click Pending changes and then apply the changes. (For more information, see Applying Configuration Changes.)