Hi All,
Bringing up an old post here...
If at SAN field I use FQDN only, does the Subscriber need to be able to resolve the FQDN of the Publisher (to be able to form cluster aka Make Subscriber) ?
For example I use "DNS:cp-pub1.abc.com"
And:
- does the hostname need to be the same as the FQDN at SAN field ?
- does the CN need to be the same as the FQDN at SAN field ?
Original Message:
Sent: Aug 21, 2013 11:43 AM
From: Mike Courtney
Subject: Creating a CSR with multiple SAN options
All,
Is it possible to put multiple entries into the SAN field when generating a CSR? I tried entering "DNS:clearpass1.mydomain.org, IP:10.20.100.170" and it threw an error. I'm not sure what the delimiter is between the various SAN entries.
I'm trying to create a CSR for a VIP that references the publisher and subscriber IPs and FQDNs. I've been told this is the best way to handle certs in CPPM in case of a failover and / or the promotion / demotion of Publishers and Subscribers.
Eventually, all of us will have dumped so many questions in this forum that it's going to be a great wiki! Also, it keeps cjoseph on his toes!
Thanks!
-Mike