Occasional Contributor II

Public Cert - are SANs required?

Quick Public Cert question:


A customer will be load balancing between clearpass nodes per region.  Each region will be doing zone based DNS for resolution of the address.


If all redirects were pointed to the and not referencing the local host name at all, is there a need to have local server names in the SAN field, or can the same public cert be put on each of the servers without any SANs (or sans SANs if you will! )



Guru Elite

Re: Public Cert - are SANs required?

You should get a multi-domain cert with the load-balanced name as the CN and
each server listed as a SAN. Use this cert on each server.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: Public Cert - are SANs required?

As an FYI, this is covered in the CPPM PKI-101 TechNote, plus a whole lot of other related data you may want to consider/review. Find it on the support page.

Best Regards

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: