How Many CCA/NAC SSL CA Certificates Needed?

khary · ‎09-18-2008

I have CAM and CAS failover bundle. 2 CAM and 2 CAS. I am purchasing a third-party Trusted CA. How many certificates will I need to purchase?

Do I need 1 cert for all the servers, 1 per F/O bundle, or 1 cert per server?

And can I use a private IP to generate the cert and not a domain? Because when I test the CSR on Thawte it shown invalid domain.

Peter Yardley · ‎09-20-2008

We have a failover bundle for our CAS servers and only use 1 cert (on the shared address) for the bundle but you need a separate one for the cam.

I guess you will need 2 certs one cam and one cas.

gabrielbryson · ‎03-02-2009

You will require one CA cert for the NAM pair and one for the NAS pair (thats 2 in total), you need to genetare the cert request with a FQDN that maps to your service ip address on your internal DNS srv, the Cert authority will not accept a cert request with a IP address.

srue · ‎03-04-2009

i've seen cert vendors issue certs for ip addresses.

nagel · ‎03-04-2009

We have 2 CAS (not failover)& 1 CAM.. As for uswer experience - it is only necessary to implement cert on CAS... The CAM cert - nobody will ever be affected expect engineering staff. Not a big deal

srue · ‎03-04-2009

yes, with 2 cas servers (no HA) you need 2 certs....

any 3rd party cert installed on the cam is *mostly* for convenience.