https://community.cisco.com/t5/application-networking/gencsr-question-on-css11506/m-p/417260#M7525 <HTML><HEAD></HEAD><BODY><P>1. you can get a multiple hosts certificate. The cost is more expensive so.</P><P>You'll have to check with the CA what they offer.</P><P></P><P>2. The certificate itself has no restriction/limitation. The problem would come from the application. If the application uses the name contained in the certificate to differentiate platforms or applications or ... you can't reuse the same certificate.</P><P></P><P>3. you can create your own CA.</P><P>Simply use the 'openssl' tool to self signed your own certificate.</P><P>It's heavily documented on the web.</P><P></P><P>Regards,</P><P></P><P>Gilles.</P><P>Thanks for rathing this answer.</P></BODY></HTML> Sun, 15 Jan 2006 15:39:14 GMT Gilles Dufour 2006-01-15T15:39:14Z https://community.cisco.com/t5/application-networking/gencsr-question-on-css11506/m-p/417258#M7523 <P>I have a ssl module just installed. and tried to configure ssl termination.</P><P></P><P>followed the quick start, after generate a rsa key and associated the key into a file, I have run ssl gencsr.</P><P></P><P>the next step is to send the output to a CA. I have tried to find anything for A CA, and found that all of them need a charge. </P><P></P><P>question:</P><P>1. on gencsr command, there is a question about domain. if I give myhost.mydomain.au, then the CA will be only used by myhost, is it right? so, if I give only mydomain.au the all the hosts in my domain can use the CA, am I wrong? </P><P></P><P>2. my client will be oracle users. do I need give different oracle database/application a different CA? </P><P></P><P>3. can I create CA myself since the ssl only used inside my company, internally. </P><P></P><P>Any comments will be apprecated</P><P></P><P>Thanks in advance</P><P></P><P></P> Sun, 08 Jan 2006 23:35:13 GMT https://community.cisco.com/t5/application-networking/gencsr-question-on-css11506/m-p/417258#M7523 julxu 2006-01-08T23:35:13Z https://community.cisco.com/t5/application-networking/gencsr-question-on-css11506/m-p/417259#M7524 <HTML><HEAD></HEAD><BODY><P>Not sure about the domain name, but I think that the name you specify there must match the name that the clients use to connect.</P><P></P><P>You can create a fully self signed certificate, which is fine is all your users are internal.</P><P></P><P>Have a look at this document for details:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_750/sslgd/certkeys.htm#wp999000" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_750/sslgd/certkeys.htm#wp999000</A></P><P></P></BODY></HTML> Wed, 11 Jan 2006 10:15:35 GMT https://community.cisco.com/t5/application-networking/gencsr-question-on-css11506/m-p/417259#M7524 Gregory Scarlett 2006-01-11T10:15:35Z https://community.cisco.com/t5/application-networking/gencsr-question-on-css11506/m-p/417260#M7525 <HTML><HEAD></HEAD><BODY><P>1. you can get a multiple hosts certificate. The cost is more expensive so.</P><P>You'll have to check with the CA what they offer.</P><P></P><P>2. The certificate itself has no restriction/limitation. The problem would come from the application. If the application uses the name contained in the certificate to differentiate platforms or applications or ... you can't reuse the same certificate.</P><P></P><P>3. you can create your own CA.</P><P>Simply use the 'openssl' tool to self signed your own certificate.</P><P>It's heavily documented on the web.</P><P></P><P>Regards,</P><P></P><P>Gilles.</P><P>Thanks for rathing this answer.</P></BODY></HTML> Sun, 15 Jan 2006 15:39:14 GMT https://community.cisco.com/t5/application-networking/gencsr-question-on-css11506/m-p/417260#M7525 Gilles Dufour 2006-01-15T15:39:14Z