cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1398
Views
15
Helpful
6
Replies

New Subscriber does not have multi-san certificate

allahverdiyev
Level 1
Level 1

Hi guys,

In the existing cluster there is multi-san tomcat certificate given by CA. New added subscriber only taken tomcat-trust, but does not have the same tomcat certificate. It is using self-signed tomcat certificate. I cant upload multisan tomcat certificate, it seems have to generate csr.

What is the solution for the case?

Regenerating clusterwide multisan certificate and upload to publisher again? Will it distribute certificate and new subscriber get new one?

 

Regards

1 Accepted Solution

Accepted Solutions

Jaime Valencia
Cisco Employee
Cisco Employee

All that is completely expected, the multi-SAN certificate is only distributed to servers which were already part of the cluster and the CSR generation includes them all by default. 

 

So, yes, you'd need to go through the multi-san CSR procedure again if you want that new server to also use a multi-san certificate.

HTH

java

if this helps, please rate

View solution in original post

6 Replies 6

Jaime Valencia
Cisco Employee
Cisco Employee

All that is completely expected, the multi-SAN certificate is only distributed to servers which were already part of the cluster and the CSR generation includes them all by default. 

 

So, yes, you'd need to go through the multi-san CSR procedure again if you want that new server to also use a multi-san certificate.

HTH

java

if this helps, please rate

Thanks for the quick answer Jaime. So Single CSR for all servers, correct?

Hi java,

 

I have a question related to the same "issue": is it mandatory to do the multi-san process once again or we can have single CSR signed for the new servers added?

 

Thank you!

I have not tested that scenario, so I cannot confirm if it would be supported, but in theory, it should work, just as with the self-signed certificate the server will generate upon installation.

HTH

java

if this helps, please rate

Even if it might work it wouldn't be any less work really. You should create a new CSR with all the names in the multi SAN.



Response Signature


Java, Roger, thank you very much for your quick responses,

 

I will do the multi-san process once again.  Thank you again!

 

Martin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: