Hello all,
I am setting up a new set of controllers for a customer and have questions regarding certificates. I was reading over this thread (http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Server-Certificate-on-Controller/td-p/112483) for some help, and I think I get the gist of what I need to do, but I am still unclear since this is a multi-controller environment and this is the first time I'm doing something like this.
In this particular environment, we currently have two redundant masters and two redundant locals (more locals to be added down the road). What options do we have as far as certificates go? It is important to my customer that we are validating the server certificate when the user joins the network (we are using PEAP).
I want to make sure I go back to my customer armed with the correct knowledge and understanding of this. As far as I understand, these are the options that I have. Please let me know if there is another way to do this, and also please correct me if I am saying anything that is incorrect as I still do not have a full grasp on the way certificates work.
1) Load a unique certificate on each controller, and a unique DNS record for each controller
2) Use a single certificate on multiple controllers, and add each controller's IP address to the same DNS record
3) Load a wildcard certificate on the controllers (*.securelogin.example.com), and resolve each controller's IP address uniquely in DNS (controller1.securelogin.example.com, controller2.securelogin.example.com, etc.)
Are all of these options correct, feasible, and supported? Is there another way? Did I screw any of these details up?
Also, how do we work in the fact that we want the masters to resolve as aruba-master.example.com? Should we just point the DNS record to the VRRP address, and still have the controller IP addresses as securelogin.example.com?
We are running 6.3.1.3.
Thanks so much,
Tim