Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
437
Views
1
Helpful
3
Replies

Certificate for WSA

Vishal6
Level 2
Level 2

‎05-02-2025 01:17 AM

Hi All,

I have two WSA at 2 location with distinctive configuration. Need to know can we create csr from one wsa and use it for both ?

Labels:
0 Helpful
3 Replies 3

Ken Stieers
VIP
VIP

‎05-02-2025 01:55 AM

For the web gui for management you can use the same cert for both, use a "SAN" cert so you can add both host names.


For the signing cert used in HTTPS decryption, you can use the same one, no changes... (this isn't a cert you buy, you generate it on the WSA or via your internal CA.)
0 Helpful

Vishal6
Level 2
Level 2

‎05-02-2025 02:29 AM

Hi Ken,

So according to your reply it seems, we cant use one csr on multiple wsa ?.

0 Helpful

Ken Stieers
VIP
VIP
In response to Vishal6

‎05-02-2025 03:45 AM

Yes you can use the same cert on both WSAs
But there are two places you use a cert on a WSA.

The gui, which is just a standard web cert, and since you have 2 WSAs, maybe named WSA1 and WSA2, you want that cert to be valid for both, so get a SAN cert with both names in it.


The other cert is for the HTTPS proxy, and that cert is a sigining cert. That one's name doesn't matter as much as you never reference it. This cert used to sign ephemeral certs the WSA creates for the https proxy and needs to be trusted by your endpoints. Easiest way is to jist use the one the WSA1 generated and upload it to WSA2 and also deploy to your endpoints as a trusted cert via GPO.
Customers Also Viewed These Support Documents