Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Certificates in a cluster

SF_Dan_
Frequent Contributor
‎01-06-2011 02:37:PM
‎01-06-2011 02:37:PM

Certificates in a cluster

I have 2 SA 6500s in an active/active cluster and have an issue with certificates. The problem I am having is we do not utilize a load balancer so we have employees connect to a node based on their physical location so I have different URLs for each node. In the configuration it only allows me to install 1 certificate for the internal and 1 for the external. Can this somehow be done on a per node basis so I can have valid certs for each URL?

thanks,

Dan

0 Kudos
6 REPLIES 6
spuluka
Super Contributor
‎01-06-2011 02:44:PM
‎01-06-2011 02:44:PM

Re: Certificates in a cluster

Do you require that each location connect to a specific box? Or is this just how you are balancing the load?

You could use DNS round robin as an essentially free load balancer.

You use the same url on both boxes but simply create two DNS a-records with the two different public ip addresses.

Your DNS servers will then alternate which record is handed out on each request roughly balancing your connections.

DNS then becomes your load balancer for the connections.

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home
0 Kudos
SF_Dan_
Frequent Contributor
‎01-06-2011 02:48:PM
‎01-06-2011 02:48:PM

Re: Certificates in a cluster

I have it intentionally setup this way. I was digging through the knowledge base and it would appear I am going to need to use a wildcard cert to accomplish this.

thanks,

Dan

0 Kudos
Jickfoo_
Super Contributor
‎01-07-2011 11:48:AM
‎01-07-2011 11:48:AM

Re: Certificates in a cluster

Why not use the same host name but just change the paths..

ie..

vpn.yourcompany.com/northamerica

vpn.yourcompany.com/southamerica

etc..

limit the number of hostnames, less confusion, more better. Smiley Happy

Just my 2 cents..

0 Kudos
stine_
Super Contributor
‎01-08-2011 09:12:AM
‎01-08-2011 09:12:AM

Re: Certificates in a cluster

Take a look at this help page (from GoDaddy used as and example only, not as a positive/negative reccomendation)

http://community.godaddy.com/help/3582/can-i-use-a-standard-ssl-certificate-on-an-aliased-domain-in-...

I'm sure you can get 2-name certificates from any authority and I don't know if both names have to resolve to the same ip address at the time of issuance.

0 Kudos
RKB_
Frequent Contributor
‎01-11-2011 09:53:PM
‎01-11-2011 09:53:PM

Re: Certificates in a cluster

If you need to load multiple device certs then you can create virtual ports (external and internal ) and assign unique certs for each port. Your load balancer can then foward request to any ports based on the location the user comes from.

0 Kudos
SF_Dan_
Frequent Contributor
‎01-12-2011 06:28:AM
‎01-12-2011 06:28:AM

Re: Certificates in a cluster

Thanks for all the replies. I have been testing a couple options and it appears wildcard certs and certs with multiple CNs work fine with the juniper client.

Thanks.

Dan

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.