12-17-2008 11:54 PM
I have 2 URLs for accessing my SA.
There are 2 public certificates for these URLs, and both URLs are mapped to the same public IP in DNS.
I have already installed one of the certificates for the interface and it is working. Can I install the second certificate on the same interface?
12-18-2008 12:18 AM
You have to use a Virtual Port for that (and attach the second certificate to that port).
That means you also need an additional IP address which is bound to this virtual port.
12-18-2008 03:59 AM
If you do NAT, yes, you have to use an additional (official) IP.
The problem is that the SA (as any device I know) has to make a mapping between the certificate and an IP address, e.g. if there is a connection to the IP "A", just use the Certificate "A"; if there is a connection to IP "B", just use the Certificate "B".
The SA cannot use the hostname of the request (https://host_A/...) as a differentiator, as the hostname is known to the SA only after the SSL session is established (and the right certificate is already necessary during that setup).
12-18-2008 04:03 AM
One further note:
You can use a wildcard certificate, e.g. for *.company.com; in this case one certificate for
would be sufficient (meaning that the domain name has to be the same).
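The wildcard note above, as an added example that is not part of the original thread: Python code that groups hostnames by parent domain and reports which certificates are needed. Per the replies, each certificate beyond the first needs its own virtual port and IP. The hostnames are constructed and the function names are hypothetical.

```python
from collections import defaultdict

def _labels(name):
    # Normalise case and a trailing dot, then split into DNS labels
    return name.lower().rstrip(".").split(".")

def wildcard_matches(pattern, hostname):
    """True if the certificate name covers hostname; '*' stands for exactly one label."""
    p, h = _labels(pattern), _labels(hostname)
    if p[0] != "*":
        return p == h
    # Reject '*.com'-style patterns; the wildcard never spans two labels
    # and never matches the bare parent domain.
    return len(p) >= 3 and len(p) == len(h) and h[0] != "" and p[1:] == h[1:]

def plan_certificates(hostnames):
    """Map each required certificate name to the hostnames it serves.

    Hostnames sharing a parent domain are served by one wildcard certificate.
    Limitation (assumption): no public-suffix list is consulted, so a parent
    such as 'co.uk' is not recognised as unusable for a wildcard.
    """
    groups = defaultdict(set)
    for name in hostnames:
        labels = _labels(name)
        host = ".".join(labels)
        if len(labels) >= 3:
            groups[("parent", ".".join(labels[1:]))].add(host)
        else:
            # A bare domain cannot be covered by a wildcard; keep it separate
            groups[("exact", host)].add(host)
    plan = {}
    for (kind, key), names in groups.items():
        cert = "*." + key if kind == "parent" and len(names) > 1 else min(names)
        plan[cert] = sorted(names)
    return plan

if __name__ == "__main__":
    # Constructed sample input
    for hosts in (["vpn.company.com", "portal.company.com"],
                  ["vpn.company.com", "vpn.partner.example"]):
        plan = plan_certificates(hosts)
        print(hosts, "->", plan, "| certificates (one IP each):", len(plan))
```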