Security

I've had a good look through the forums and this is more for clarification from anyone out there that has attempted this and either succeeded or failed.

 

I have two controllers (6000s) in master/backup. I have been provided with a wildcard certificate and whilst I can upload it to the controller, will it allow for the "magic" DNS resolution of the controllers CN without specifying anything prior to the *.mydomain.com?

 

If this does not work, I assume I can however generate a key and CSR with OpenSSL to obtain a new certificate, and use this with the same name on both controllers?

Yes indeed. This was precisely what I did. I used openssl to generate a certificate request work multiple sans (which represented multiple DNS entries), got it signed by a trusted CA then packaged it up into a pkcs12, then imported it onto the controller. I found the CSR generation on the controller to be a little limiting.