12-17-2008 11:54 PM
Hi,
I have 2 URLs for accessing my SA.
office.company.com
remote.company.com
There are 2 public certificates for these URLs and both the URLs are mapped to the same public IP in DNS.
I have already installed one of the certificates for the interface and it is working. Can I install the second certificate on the same interface?
12-18-2008 12:18 AM
Hi hazeen,
You have to use a Virtual Port for that (and attach the second certificate to that port).
That means you also need an additional IP address which is bound to this virtual port.
Cheers
12-18-2008 02:46 AM
Hi Moreilly,
Thanks for your answer.
That means that I need to NAT another public IP to the virtual port IP address on my firewall, right?
12-18-2008 03:59 AM
Hi hazeen,
If you do NAT, yes, you have to use an additional (official) IP.
The problem is that the SA (as any device I know) has to make a mapping between the certificate and an IP address, e.g. if there is a connection to the IP "A", just use the Certificate "A"; if there is a connection to IP "B", just use the Certificate "B".
The SA cannot use the hostname of the request (https://host_A/...) as a differentiator, as the hostname is known to the SA only after the SSL session is established (and the right certificate is already necessary during that setup).
Cheers
12-18-2008 04:03 AM
One further note:
You can use a wildcard certificate, e.g. for *.company.com; in this case one certificate for
office.company.com
remote.company.com
would be sufficient (this means that the domain name has to be the same).
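
As an added illustration (not part of the original thread): a small Python check that models the behaviour described above, where the certificate is chosen by the IP address connected to, and reports which hostnames would be served a certificate that does not cover them. The IP addresses, dictionaries and function names are constructed for the example.

```python
# Added example: certificate selection by destination IP, as described in the thread.
# All hostnames-to-IP mappings and certificate bindings below are constructed sample data.

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate name to a host; '*' covers exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" is never accepted.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def find_mismatches(dns, cert_by_ip):
    """Return [(host, ip, reason)] for hosts whose IP-bound certificate does not cover them."""
    problems = []
    for host, ip in sorted(dns.items()):
        names = cert_by_ip.get(ip)
        if names is None:
            problems.append((host, ip, "no certificate bound to this IP"))
        elif not any(name_matches(n, host) for n in names):
            problems.append((host, ip, "certificate names " + ", ".join(names)))
    return problems

# Original situation: both URLs resolve to one IP, one certificate on the interface.
SHARED_DNS = {"office.company.com": "192.0.2.10", "remote.company.com": "192.0.2.10"}
ONE_CERT = {"192.0.2.10": ["office.company.com"]}

# Option 1: second IP (virtual port) with the second certificate attached.
SPLIT_DNS = {"office.company.com": "192.0.2.10", "remote.company.com": "192.0.2.11"}
TWO_CERTS = {"192.0.2.10": ["office.company.com"], "192.0.2.11": ["remote.company.com"]}

# Option 2: one wildcard certificate on the single IP.
WILDCARD = {"192.0.2.10": ["*.company.com"]}

if __name__ == "__main__":
    for label, dns, certs in [("shared IP, one cert", SHARED_DNS, ONE_CERT),
                              ("virtual port", SPLIT_DNS, TWO_CERTS),
                              ("wildcard", SHARED_DNS, WILDCARD)]:
        print(label, "->", find_mismatches(dns, certs) or "all hostnames covered")
```
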