04-29-2010 12:09 AM - edited 03-09-2019 10:57 PM
Hi all,
we have CAM and CAS in HA mode. we need to generate CSR but I have some cofusion about the DNS name.
network setup is like this
hostname name IP address
============ ========
CAM01 192.168.0.8
CAM02 192.168.0.9
192.168.0.10 (virtual ip address)
CAS01 172.30.1.8
CAS02 172.30.1.9
172.30.1.10 (virtual ip address)
all hostnames are already registered in local dns, and all devices are pingable with FQDN eg. CAM01.test.com, CAM02.test.com
and which host name should I use during the CSR?
thank you
Solved! Go to Solution.
04-29-2010 06:49 AM
Hi,
Create a third name, call it CAM, and make it resolvable to the Service IP. Generate your CSR for that.
The same thing for CAS. The name should resolve to the service IP and you should get certificate for that name.
HTH,
Faisal
04-30-2010 12:20 AM
Laxman,
Wireless IB guides: http://tinyurl.com/2ef2kk Look at chapter 3 for design considerations.
HTH,
Faisal
04-29-2010 06:49 AM
Hi,
Create a third name, call it CAM, and make it resolvable to the Service IP. Generate your CSR for that.
The same thing for CAS. The name should resolve to the service IP and you should get certificate for that name.
HTH,
Faisal
04-29-2010 04:52 PM
Hi Faisal,
thank you very much for solution.
we have to implement wireless on in-band virtual gateway mode if you have any configuration sampel for this please provide me.
Thanks again
--Laxman
04-30-2010 12:20 AM
Laxman,
Wireless IB guides: http://tinyurl.com/2ef2kk Look at chapter 3 for design considerations.
HTH,
Faisal
05-02-2010 11:41 PM
Hi Faisal,
this question is regarding certificates.
in our scenario CAS is in HA mode for HA configuration I created temp certificates in both cas with its hostname. and configure HA primary and after configuration, service ip is pingable. for CAS add to CAM I have to create new certificate using by service ip and have to put in CAM, after generate new certificate with service ip address old Certificate of CAS will be replaced by new certificate. at that moment which certificate will be use for CAS HA peer?
this question is regarding license
we have to implement in-band virtual gateway mode. but when I tried to connect new CAS server there is no option for ib-band virtual gateway. olny these options are available in CAM
1. virtual gateway
2. real ip gateway
3. out-of-band virtual gateway
4. out-of-band real ip gateway
license detail is here
1. Standard Manager License present
2. Manager Failover License present
3. Out-of-Band Server Count 2
do we need to have seperate CAS license for in-band mode?
waiting for your reply
Thank you
05-03-2010 06:34 AM
Hi,
For certs, you need one cert for BOTH you CAS devices if they're in HA. Basically you need a cert for each CAS, and a CAS in HA is counted as one.
So let's say you have one HA OOB CAS, and a single IB CAS, then you need two certs for CASs
For licensing, where it says Virtual Gateway or Real-IP only, it means in-band.
HTH,
Faisal
05-03-2010 05:42 PM
Hi Faisal,
Thank you for your answer. your answers are always valauable to me.
If we have CAS or CAM in HA mode we don't need to have separate certifiacate only one certificate will be ok. that means If we have 2 CAS, CAS1 and CAS 2 in HA mode I don't need to generate CSR from seperate CAS servers, virtual ip/host CA signed certificate is enough for both CAS servers?
Thank you
05-04-2010 04:15 AM
Hi,
That is correct. For CAS1 and CAS2, you should have one cert only which you'll install on both devices.
HTH,
Faisal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide