I have 2 URLs for accessing my SA.
There are 2 public certificates for these URLs, and both URLs are mapped to the same public IP in DNS.
I have already installed one of the certificates for the interface and it is working. Can I install the second certificate on the same interface?
Thanks for your answer.
That means that I need to NAT another public IP to the virtual port IP address on my firewall, right?
If you do NAT, yes, you have to use an additional (official) IP.
The problem is that the SA (like any device I know) has to make a mapping between the certificate and an IP address, e.g. if there is a connection to IP "A", just use certificate "A"; if there is a connection to IP "B", just use certificate "B".
The SA cannot use the hostname of the request (https://host_A/...) as a differentiator, as the hostname is known to the SA only after the SSL session is established (and the right certificate is already necessary during that setup).
One further note:
You can use a wildcard certificate, e.g. for *.company.com; in this case one certificate for
would be sufficient (this means that the domain name has to be the same).
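
Added example (not part of the original thread): a Python check of whether a set of hostnames can share one wildcard certificate, as the last reply describes. The hostnames are constructed, and the matching rule (the `*` stands for exactly one left-most label, with at least two labels after it) is an assumption reflecting common certificate practice.

```python
def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name such as '*.company.com' matches hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # different depth, or an empty label in the hostname
    if p[0] == "*":
        # Assumption: the wildcard replaces exactly one left-most label and
        # must be followed by at least two labels (no '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # no wildcard: names must be identical


def single_wildcard_for(hostnames):
    """Return the one wildcard name that covers every hostname, or None."""
    parents = set()
    for name in hostnames:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) < 3:
            return None  # a bare domain is never covered by '*.domain'
        parents.add(".".join(labels[1:]))
    if len(parents) != 1:
        return None  # hosts live under different parent domains
    candidate = "*." + parents.pop()
    if all(wildcard_covers(candidate, n) for n in hostnames):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed sample hostnames, not taken from the thread.
    cases = [
        ["vpn.company.com", "portal.company.com"],  # same parent domain
        ["vpn.company.com", "vpn.other.com"],       # different domains
        ["vpn.company.com", "a.b.company.com"],     # different depth
    ]
    for hosts in cases:
        print(hosts, "->", single_wildcard_for(hosts))
```

When the function returns `None`, the hostnames need separate certificates, which on the SA means the per-IP mapping discussed above.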