we have CAM and CAS in HA mode. we need to generate CSR but I have some cofusion about the DNS name.
network setup is like this
hostname name IP address
192.168.0.10 (virtual ip address)
172.30.1.10 (virtual ip address)
all hostnames are already registered in local dns, and all devices are pingable with FQDN eg. CAM01.test.com, CAM02.test.com
and which host name should I use during the CSR?
Solved! Go to Solution.
thank you very much for solution.
we have to implement wireless on in-band virtual gateway mode if you have any configuration sampel for this please provide me.
this question is regarding certificates.
in our scenario CAS is in HA mode for HA configuration I created temp certificates in both cas with its hostname. and configure HA primary and after configuration, service ip is pingable. for CAS add to CAM I have to create new certificate using by service ip and have to put in CAM, after generate new certificate with service ip address old Certificate of CAS will be replaced by new certificate. at that moment which certificate will be use for CAS HA peer?
this question is regarding license
we have to implement in-band virtual gateway mode. but when I tried to connect new CAS server there is no option for ib-band virtual gateway. olny these options are available in CAM
1. virtual gateway
2. real ip gateway
3. out-of-band virtual gateway
4. out-of-band real ip gateway
license detail is here
1. Standard Manager License present
2. Manager Failover License present
3. Out-of-Band Server Count 2
do we need to have seperate CAS license for in-band mode?
waiting for your reply
For certs, you need one cert for BOTH you CAS devices if they're in HA. Basically you need a cert for each CAS, and a CAS in HA is counted as one.
So let's say you have one HA OOB CAS, and a single IB CAS, then you need two certs for CASs
For licensing, where it says Virtual Gateway or Real-IP only, it means in-band.
Thank you for your answer. your answers are always valauable to me.
If we have CAS or CAM in HA mode we don't need to have separate certifiacate only one certificate will be ok. that means If we have 2 CAS, CAS1 and CAS 2 in HA mode I don't need to generate CSR from seperate CAS servers, virtual ip/host CA signed certificate is enough for both CAS servers?
That is correct. For CAS1 and CAS2, you should have one cert only which you'll install on both devices.