Security

Hi Forum,

 

I'm working on a cluster of two nodes only(Publisher and subscriber with a VIP). I have read the Cert Tech note and I think Danny has done a great job on that document. I followed his recommendations on the cluster certificate section -page 26 and on-

The question I have is:

Can I use the same publicly signed certificate for both SSL and RADIUS .1x authentication? Would the .1x clients get an error because the CN is for the DATA(guest) VIP interface and not the MGMT interface that they are reaching the box on?

I'm not sure I can get two publicly signed certs for DATA and MGMT interfaces, so can I reuse and what's the downside?

 

 

Thanks in advance,

 

Yes you can use the same certificate for both radius and web. Also, the port does not matter since the common name for 802.1X does not have to match the DNS name.


Thanks,
Tim

Thank you Tim, Can the same publicly signed cert be installed on the both nodes? or do I need to use the same CSR to get two different certs one for each box?

Yes, as long as both FQDNs are subject alternative names.

Is this the cert tech note you are referencing ?

http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/14977/1/CPPM%20-%20Certificates%20101%20Technote%20V1.0%20.pdf

If not, can you link me. Thanks.