Security

Reply
Occasional Contributor II
Posts: 18
Registered: ‎04-15-2015

Public Cert - are SANs required?

Quick Public Cert question:

 

A customer will be load balancing between clearpass nodes per region.  Each region will be doing zone based DNS for resolution of the address.

 

If all redirects were pointed to the clearpass.customer.com and not referencing the local host name at all, is there a need to have local server names in the SAN field, or can the same public cert be put on each of the servers without any SANs (or sans SANs if you will! )

 

Thanks!

Guru Elite
Posts: 8,052
Registered: ‎09-08-2010

Re: Public Cert - are SANs required?

You should get a multi-domain cert with the load-balanced name as the CN and
each server listed as a SAN. Use this cert on each server.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Moderator
Posts: 470
Registered: ‎11-09-2012

Re: Public Cert - are SANs required?

As an FYI, this is covered in the CPPM PKI-101 TechNote, plus a whole lot of other related data you may want to consider/review. Find it on the support page.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: