Hi,
Just wanted to check with you guys about CPPM cluster deployments.
I have read the CPPM Certificates document and still not sure so hence why I am creating this post.
So I will have two servers deployed as a publisher and subscriber pair, which are in the same subnet and they have a VIP between them. I will have two SSIDS, one will be DOTX and a Guest.
For the Radius server cert I will get the VIP to resolve to the CN name by putting a DNS entry. The certificate will be an internal cert for this. This is fine I am happy with this.
For the guest certificate (HTTPS) they will have a public certificate, and will have a separate certificate on the controller side. What should the CN name be and should this be resolvable? Should there be an ALIASE put in for this? Do I need to create another VIP on the guest network? What is the best practice configuration in terms of certificates when you have a DOTX and guest SSID going through Clearpass?
Can you also confirm what the behaviour would be if the same cert was used for CPPM guest and the wireless controller? What would be the client behaviour?
Thanks