Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Public Cert - are SANs required?

This thread has been viewed 0 times

  • 1.  Public Cert - are SANs required?

    Posted Aug 09, 2016 12:34 PM

    Quick Public Cert question:

     

    A customer will be load balancing between clearpass nodes per region.  Each region will be doing zone based DNS for resolution of the address.

     

    If all redirects were pointed to the clearpass.customer.com and not referencing the local host name at all, is there a need to have local server names in the SAN field, or can the same public cert be put on each of the servers without any SANs (or sans SANs if you will! )

     

    Thanks!



  • 2.  RE: Public Cert - are SANs required?

    EMPLOYEE
    Posted Aug 09, 2016 12:36 PM
    You should get a multi-domain cert with the load-balanced name as the CN and
    each server listed as a SAN. Use this cert on each server.


  • 3.  RE: Public Cert - are SANs required?

    Posted Aug 09, 2016 05:21 PM

    As an FYI, this is covered in the CPPM PKI-101 TechNote, plus a whole lot of other related data you may want to consider/review. Find it on the support page.