cbaptiste
Hot Shot

I don't use SAN certs with my UAGs. I use CN. I think it is, however, an interesting debate. I have spoken to a few people and they have different views on this. Personally, if the device is not internet facing I would not put its name in my cert. My UAGs have a public cert from a public authority. The same cert is on my load balancer. My connection servers use a SAN cert from an internal CA. I think it is a security risk adding connection servers that reside on my LAN network on my cert that any intruder can read.

This VMware resource who was on site told me it was best practice to add all UAGs and connection servers to the cert. When I asked them to show me in the document where it says that, he quietly dropped the argument. Granted, I do understand his argument. It makes it easier to troubleshoot. However, I personally believe it is a matter of preference and opinion. But regardless, it will work either way.
