Could use a wildcard

Elter ... · ‎07-19-2017

Hello,

is there an official way to generate a certificate request for a cluster of 2 Content Servers working in H323?

The URL used to reach the cluster is: tcs.domain (CN)

TCS1 FQDN is: tcs1.domain (SAN)

TCS2 FQDN is: tcs2.domain (SAN)

The ISS tool wizard do not allow the use of SAN and the TCS SSL documentation only mention standalone installation with CN only.

*In case we use a wizard/tool on tcs1, we will also need to export the private key to be installed into the tcs2.

Thanks in advanced.

regards

Patrick Sparkman · ‎07-19-2017

Are you able to sign your own certificates? If so, you could just create the certificate based off of the CN and SAN fields you want, instead of going through the process of generating a CSR. We've always sent certificates requests to those who handle the certificates with just the CN and SAN information, they take that and generate a certificate and private key for us without having to provide a CSR from the server(s).

Elter ... · ‎07-20-2017

Thanks Patrick, but this enviroment must use Public CA and the CA is requesting the CSR (they will not generate the private key).

I know that it is possible to use OpenSSL for example and generate both (private key and request), but this do not solve the two main questions:

Is it supported to use only one certificate creating a "virtual cluster name" as CN with two peers names as SAN in this environment (no SIP)?

Which is the supported way of CSR creation for clusters? (when we use the IIS tool, it will generate the CSR with some specific parameters, in case we use an external sw like OpenSSL, which parameters must be set?)

I know that there are lots of possibilities, but just a few are marked as "supported" by TAC.

Regards

Patrick Sparkman · ‎07-20-2017

Could use a wildcard certificate, since the TCS is a Windows server, wildcards are supported.

TCS 7.0 Certificate Request