SSL certificate on SPP appliances

Referring to the KB How to generate and install a SSL web certificate from a Safeguard created "Web Certificate Request" (294210) (oneidentity.com), I am asking to create an SSL certificate in order to secure the communication with the appliances and not to have the SSL/TLS certificate pop-up appear. My only doubt is: do I ask for a single CSR and have a single certificate sent to me, which I will then upload in Safeguard and distribute to the other two appliances? Or do I have to create 3 CSRs for 3 certificates, since there are 3 appliances?

  • Hi Dario,

    You can use a single CSR and add the VIP address, if any, and the 3x hostnames and 3x IPs of all SPP nodes in the cluster, which will be set in the certificate as Subject Alternative Names.

    Once the certificate is uploaded into SPP then you can assign this single certificate to all 3 nodes.

    Make sure to upload the Root CA and any intermediate Certificates from the SSL certificate chain to the SPP Trusted Certificates section.

    Thanks!

  • OK, great! So if the customer doesn't have a VIP, I cannot put it in the Distinguished Name, and then I think I have to create 3 CSRs? Or can I put the hostname of one of the three appliances (maybe the primary node)? Thanks a lot!!

  • You can use a placeholder DN, and since the actual SPP hostnames and IPs are added to the SAN, that would work as well. For example:

    DN includes: safeguard.domain.local (this can be a placeholder hostname that does not necessarily have a DNS entry, or it can be used later if need be)

    DNS Host:

    spp1.domain.local
    spp2.domain.local
    spp3.domain.local

    DNS IPs:

    192.168.10.11
    192.168.10.12
    192.168.10.13
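
One way to confirm that the issued certificate covers every node before assigning it to the cluster, as an added example that is not part of the original thread or of One Identity's tooling: it parses the subjectAltName text printed by `openssl x509 -in cert.pem -noout -ext subjectAltName` and lists any node name or IP that no SAN entry covers. The sample SAN line is constructed, the function names are hypothetical, and the placeholder DN is deliberately not checked because current browsers match on SAN entries only.

```python
import ipaddress

# Constructed sample: SAN text for a certificate that was issued
# without the third node's IP address.
SAMPLE_SAN = ("DNS:spp1.domain.local, DNS:spp2.domain.local, "
              "DNS:spp3.domain.local, IP Address:192.168.10.11, "
              "IP Address:192.168.10.12")

# Every name or address a client may use to reach a node (from the thread).
NODES = ["spp1.domain.local", "spp2.domain.local", "spp3.domain.local",
         "192.168.10.11", "192.168.10.12", "192.168.10.13"]


def parse_san(text):
    """Split openssl's SAN text into a set of DNS names and a set of IPs."""
    dns, ips = set(), set()
    for entry in text.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS":
            dns.add(value.lower().rstrip("."))
        elif kind == "IP Address":
            ips.add(ipaddress.ip_address(value))
    return dns, ips


def dns_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def uncovered(san_text, nodes):
    """Return the nodes that would still produce a name-mismatch warning."""
    dns, ips = parse_san(san_text)
    missing = []
    for node in nodes:
        try:
            # An IP literal is matched only against iPAddress SAN entries.
            ok = ipaddress.ip_address(node) in ips
        except ValueError:
            host = node.lower().rstrip(".")
            ok = any(dns_matches(p, host) for p in dns)
        if not ok:
            missing.append(node)
    return missing


if __name__ == "__main__":
    print(uncovered(SAMPLE_SAN, NODES))
```

An empty list means every node is covered; an IP that was entered as a DNS-type SAN entry is reported as missing, because clients do not match IP literals against DNS names.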
