08-25-2021 05:07 PM - edited 08-25-2021 05:08 PM
ur company has gone through a name change from ABC Corp to CDE Corp, the current vpn url is vpn.abc.com and the certificate on the ASA use that CN=vpn.abc.com. Company wants to move vpn url:vpn.cde.com to reflect the new company name. The DNS record is already pointing to ASA IP address, but VPN connection on the new domain get "Certificate not trusted" because the url doesn't match the current certifcate.
What will be the best way to move to new vpn url with minimal impact to end users
Option 1: Generate new CSR new certificate (vpn.cde.com)
Generate new CSR, get a new certificate, add certifcate to ASA, schedule a change, swap ASA certificate to new one, get users to to start using new vpn url.
Option 2: Anyway to load balance both certificates during transition
This will allow users on new url to connect to VPN without an error and old users to also connect without any errors until final cut off. Does it have to be a hard cut over between the two?
Thought about a multi-domain SSL, but not sure if it would work in such a scenario......
Any thoughts....
Solved! Go to Solution.
08-26-2021 12:57 AM
Hi @Tinei,
I would advise to go for certificate containing both DNS names (as SAN attributes), untill you complete migration. This way, existing user would continue to trust old domain, and migrated users will also trust new domain.
Since you are owner of both domains, this should be easy to get from public CA.
BR,
Milos
08-26-2021 12:57 AM
Hi @Tinei,
I would advise to go for certificate containing both DNS names (as SAN attributes), untill you complete migration. This way, existing user would continue to trust old domain, and migrated users will also trust new domain.
Since you are owner of both domains, this should be easy to get from public CA.
BR,
Milos
09-12-2021 04:16 PM
Thanks, managed to get a multi-domain certificate and it worked beautifully....
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: