cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
440
Views
15
Helpful
6
Replies
Highlighted
Beginner

New Subscriber does not have multi-san certificate

Hi guys,

In the existing cluster there is multi-san tomcat certificate given by CA. New added subscriber only taken tomcat-trust, but does not have the same tomcat certificate. It is using self-signed tomcat certificate. I cant upload multisan tomcat certificate, it seems have to generate csr.

What is the solution for the case?

Regenerating clusterwide multisan certificate and upload to publisher again? Will it distribute certificate and new subscriber get new one?

 

Regards

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Cisco Employee

All that is completely expected, the multi-SAN certificate is only distributed to servers which were already part of the cluster and the CSR generation includes them all by default. 

 

So, yes, you'd need to go through the multi-san CSR procedure again if you want that new server to also use a multi-san certificate.

HTH

java

if this helps, please rate

View solution in original post

6 REPLIES 6
Highlighted
Hall of Fame Cisco Employee

All that is completely expected, the multi-SAN certificate is only distributed to servers which were already part of the cluster and the CSR generation includes them all by default. 

 

So, yes, you'd need to go through the multi-san CSR procedure again if you want that new server to also use a multi-san certificate.

HTH

java

if this helps, please rate

View solution in original post

Highlighted

Thanks for the quick answer Jaime. So Single CSR for all servers, correct?
Highlighted

Hi java,

 

I have a question related to the same "issue": is it mandatory to do the multi-san process once again or we can have single CSR signed for the new servers added?

 

Thank you!

Highlighted
Hall of Fame Cisco Employee

I have not tested that scenario, so I cannot confirm if it would be supported, but in theory, it should work, just as with the self-signed certificate the server will generate upon installation.

HTH

java

if this helps, please rate
Highlighted

Even if it might work it wouldn't be any less work really. You should create a new CSR with all the names in the multi SAN.

Please rate all useful posts
Highlighted

Java, Roger, thank you very much for your quick responses,

 

I will do the multi-san process once again.  Thank you again!

 

Martin