locked
One external certificate with multiple SAN for all the Edge services RRS feed

  • Question

  • Hi,
    Currently, I am using an internal Certificate for the Edge
    Can I buy only one public certificate and add all the name as SAN ?
    I am going to put the certificate for Access Edge (sip.mycompany.com), Conferencing Edge (conf.mycompany.com) .
    What Subject Name should I use for this public certificate ?
    Thanks,
    Monday, August 24, 2009 1:25 PM

Answers

  • The EDGE wizard looks at the Common Name on the cert for the configuration of the external names (you can specify names manually but the wizard will replace the names with the actual common name on the cert)
    While I have seen it work but you should use separate Certificates for Access Edge and Conferencing Edge cert.
    You also need a public cert for your Reverse Proxy server (you can add extra names to the Access Edge cert and use that for Reverse proxy as well)
    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    • Marked as answer by BougRun Tuesday, August 25, 2009 8:00 AM
    Monday, August 24, 2009 2:12 PM
  • You can get away with using one certificate with multiple SAN entries for all edge roles and Reverse Proxy roles as long as you are using 2006 SP1 on the ISA side..

    I would use your access edge FQDN as the common name and then add the other naems in the subject alternative names...

    Ex:

    Subject Name: sip.company.com
    Subject Alt Name: webconf.company.com,ocscontent.company.com

    However, depending on the provider you go with for certificates it may be in your best interest cost wise to use two single SSL Certs.


    winxnet
    • Marked as answer by BougRun Tuesday, August 25, 2009 8:00 AM
    Monday, August 24, 2009 5:29 PM

All replies

  • The EDGE wizard looks at the Common Name on the cert for the configuration of the external names (you can specify names manually but the wizard will replace the names with the actual common name on the cert)
    While I have seen it work but you should use separate Certificates for Access Edge and Conferencing Edge cert.
    You also need a public cert for your Reverse Proxy server (you can add extra names to the Access Edge cert and use that for Reverse proxy as well)
    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    • Marked as answer by BougRun Tuesday, August 25, 2009 8:00 AM
    Monday, August 24, 2009 2:12 PM
  • You can get away with using one certificate with multiple SAN entries for all edge roles and Reverse Proxy roles as long as you are using 2006 SP1 on the ISA side..

    I would use your access edge FQDN as the common name and then add the other naems in the subject alternative names...

    Ex:

    Subject Name: sip.company.com
    Subject Alt Name: webconf.company.com,ocscontent.company.com

    However, depending on the provider you go with for certificates it may be in your best interest cost wise to use two single SSL Certs.


    winxnet
    • Marked as answer by BougRun Tuesday, August 25, 2009 8:00 AM
    Monday, August 24, 2009 5:29 PM