Follow

How to Setup and Install a Wildcard Certificate on an Endian Switchboard Portal

  Version 6.0

Applies to Platform: Switchboard 6.8.x
Last update: 24 Apr 2025

In the new EndianOS release (6.8), there is an all new certificate management system that offers a consistent user experience across all services. Moreover, it incorporates numerous additional features, such as support for using wildcard certificates. A wildcard certificate is one that can secure both a main (root) domain and all of its subdomains. For example, you could secure *.example.com with a wildcard certificate which would also secure any subdomain on this domain like www.example.com, mail.example.com and any others. This is especially useful for the Endian Switchboard portal because its a multi-tenant solution and would allow each sub-organization to utilize the subdomains and maintain a secure connection for each one of them.

Note

Before you use a wildcard certificate you should be fully aware of the benefits and risks. While there is simplicity and consolidation using them, you also have security and dependency risks that are important to weigh in making a decision.

Requirements

Before you begin you will need the following in order to complete this process:

  1. You must own or control a registered domain name.

  2. A wildcard DNS record that maps the root domain to the appliance (static) public IP.

  3. An EndianOS system that is setup to use the root domain.

Create Enrollment Request

Navigate to Certificates > Enrollment requests and click New order button

  1. Certificate ID:  Enter a descriptive identifier name for this certificate
  2. Server:  Select the ACME service to use (Let's Encrypt or ZeroSSL)
  3. Email:  Enter the email address to use for this certificate request
  4. Challenge:  Select the challenge type to use for certificate verification. In almost all cases, you will need to use DNS challenge in order to secure a wildcard certificate.
  5. Domains:  Enter the wildcard domain (e.g. *.example.com) for the appliance and click the button to add the domain
  6. DNS Provider:  Select the DNS provider you will use to validate the domain ownership
  7. DNS provider information: Here you must enter provider specific information like API token and/or account information (see more info below)
  8. Click the Create order button

Once done, you can then track the progress of the enrollment request using the Status field on the Enrollment request page. If there is an error, you should see that as the status and you can get more information by clicking the View Certificate button. 

DNS Challenge Provider Information

For each provider, there is information required in order to automate the DNS challenge and verification process. Below you will find more information for each provider:

  • Hetzner - Create an API token by going to here
  • Azure - Follow Step 1 from this article
  • AWS - You can find your account info here
  • Scaleway - Generate an API token following these instructions
  • Cloudflare (Single-Zone) - Generate an API token following these instructions
  • Cloudflare (Multi-Zone) - Get your Account ID and create an API token using these instructions
  • Cloudflare (Global API key) - Generate your Global API key by following these instructions

Verify the Certificate

You can now verify the certificate was installed correctly by going to Certificates > Certificates page.

 

Install the Switchboard Portal Certificate

Now you can install the new certificate to use for the Switchboard web portal. Navigate to Switchboard > Settings > General Settings and here you can use the drop-down to select your new wildcard certificate and click Save to install it.

Have more questions? Submit a request

Comments