SSL VPN
Reply
Contributor
Posts: 138
Registered: ‎03-17-2008
0

digital certificate on cluster

hi all,

 

i'm running a pair of 4500 active/passive cluster, and would like purches digital certificate,

do i need one for the VIP IP address or one per machine ?

 

what will be client exprience when failover occures in aspect to digital certificate?

rock the boat , dont sink the ship
Trusted Contributor
NULL
Posts: 120
Registered: ‎11-27-2010
0

Re: digital certificate on cluster

Dear Player,

 

first over all you need only 1 Certificate for the Domain-Name which points to the VIP-IP.

 

Also i would recomend that your going to build your csr (certificate signing request) with an open-ssl implementation (offline), so you can also specify the complexity of your private key + bit lenth 2048!

 

regarding to your question about the client experience, they won't notice anything as the certificate is name based.

 

regards

 

NULL

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.