Certificate to use for License-Server, License-Member architecture.

Regular Contributor

Hi all,

We understand that certificates are required for authentication in an SSL VPN environment.

If users are based on single AD, we deploy the same server certificate for all the SSL VPN license-member devices, right? (Y/N)

If users are based on multiple (3) ADs, we deploy the multiple (3) server certificates for all the SSL VPN license-member devices, right? (Y/N)





Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
5 REPLIES
Not applicable

Re: Certificate to use for License-Server, License-Member architecture.

hello 

Valued Contributor

Re: Certificate to use for License-Server, License-Member architecture.

Are we talking about the device certificates installed on the SA device or a server certificate installed on the AD server itself? 

Regular Contributor

Re: Certificate to use for License-Server, License-Member architecture.

Device certificate on the SA devices...
Valued Contributor

Re: Certificate to use for License-Server, License-Member architecture.

Yes, you will need a device certificate for each SA device. How end users are connecting to the device will determine what the CN should be on the device certificates. If all devices are load balanced and connecting via the same URL to all devices, you need to have the same CN for all devices. If end users are connecting individually by a different URL to each one, you will need to install the device certificate that corresponds to its URL.
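
The rule in the reply above, written as a check over a device inventory. This is an added example, not part of the thread: device names, host names and the `cert_names` field are constructed, and `cert_names` is assumed to hold the CN plus any subjectAltName DNS entries of each device certificate.

```python
# Added example: verify each SA device's certificate covers the host name
# users actually type to reach it. All inventory values are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*' standing for exactly one left-most label."""
    p = pattern.lower().rstrip(".")
    h = host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        suffix = p[1:]                      # e.g. ".example.com"
        if not h.endswith(suffix):
            return False
        left = h[: -len(suffix)]            # label(s) the wildcard must cover
        return left != "" and "." not in left
    return False


def audit(devices):
    """Return (device, url_host) pairs whose certificate does not cover the URL."""
    return [
        (d["device"], d["url_host"])
        for d in devices
        if not any(name_matches(n, d["url_host"]) for n in d["cert_names"])
    ]


# Constructed inventory: sa-1/sa-2 sit behind one load-balanced URL,
# sa-3/sa-4 are reached individually by their own URLs.
INVENTORY = [
    {"device": "sa-1", "url_host": "vpn.example.com", "cert_names": ["vpn.example.com"]},
    # Certificate issued for the box's own name, but users connect to the shared URL.
    {"device": "sa-2", "url_host": "vpn.example.com", "cert_names": ["sa-2.example.com"]},
    {"device": "sa-3", "url_host": "sa3.example.com", "cert_names": ["*.example.com"]},
    # A wildcard covers one label only, so it does not cover sa4.eu.example.com.
    {"device": "sa-4", "url_host": "sa4.eu.example.com", "cert_names": ["*.example.com"]},
]

if __name__ == "__main__":
    for device, host in audit(INVENTORY):
        print(f"{device}: certificate does not cover {host}")
```
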

Respected Contributor

Re: Certificate to use for License-Server, License-Member architecture.


@michael.saw wrote:

Hi all,

We understand that certificates are required for authentication in an SSL VPN environment.

If users are based on single AD, we deploy the same server certificate for all the SSL VPN license-member devices, right? (Y/N)

If users are based on multiple (3) ADs, we deploy the multiple (3) server certificates for all the SSL VPN license-member devices, right? (Y/N)


Certificates are not required for authentication in an SSL VPN environment, unless you want to use cert auth.

The device certificates are any CA you use.

If you are doing cert auth, then both questions are yes.