03-28-2016 12:20 PM
While generating the CSR you have an option to generate it for multi-use certificate and then there is a warning which says "Its not recommended practice" can I get more explanation on why is this feature even added to ISE if it is not recommended ?
I am trying to use a single certificate with multiple SAN names for different purpose , Is this Possible ? If so , what are the implications of using multi-use certificate as its not a recommended practice ?
- Gaurav Sharma
Solved! Go to Solution.
03-28-2016 12:57 PM
Gaurav,
You can generate a CSR with multiple SANs for use throughout your deployment which is a supported configuration. This functionality, for example, will allow you to use a single certificate across multiple PSNs for portal use. On the other hand, a multi-use certificate has all the functions of Admin, Portal, PxGrid, and EAP authentication. Best practice recommends having a certificate for each one of these functions. We give the administrator to do so in case the installation is for lab use only. That way, tons of certificates won't be required to test out all features.
Regards,
-Tim
03-28-2016 12:57 PM
Gaurav,
You can generate a CSR with multiple SANs for use throughout your deployment which is a supported configuration. This functionality, for example, will allow you to use a single certificate across multiple PSNs for portal use. On the other hand, a multi-use certificate has all the functions of Admin, Portal, PxGrid, and EAP authentication. Best practice recommends having a certificate for each one of these functions. We give the administrator to do so in case the installation is for lab use only. That way, tons of certificates won't be required to test out all features.
Regards,
-Tim
03-28-2016 01:16 PM
Thanks Tim !
Do we still have to select "Multi-Use" option for CSR when using the same certificate with multiple SANs .
This certificate would be used as Portal-Certificate and Admin-Cert .
- Gaurav Sharma
03-28-2016 01:24 PM
Gaurav,
No, you don't need to select multi-use to add multiple SANs. If you are going to use the certificate for portals as well as the admin portal, then you would have to select multi-use. Is there a reason you would want to use the same certificate on portals as well as the admin interface? The Admin interface is only used by administrators where as guest portals are server to clients the would throw and error if the SSL certificate isn't signed by a trusted root authority.
Regards,
-Tim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide