SSL Renewal

Just looking for some advice on SSL renewal. We currently have three separate certificates, citrix.domain.com, mail.domain.com and dcserver.internaldc.domain.com. This is with Thawte, and to renew all certs as individual certs it will cost £600+ for 2 years.

I have been looking into it, and with GlobalSign and an organizational certificate you can get SAN names for free, like owa., mail. and autodiscover., and additional SAN names cost a relatively cheap price, £130 for 2 years. That cert with a reseller I can get for £267 for 3 years.

All sounds good, but when it comes to creating the certs and making sure they all work right using this method is where I am a bit unsure.

With CAG 4.6 it is recommended to use a PEM cert and rename it to a .crt as per the instructions: http://www.digicert.com/ssl-certificate-installation-citrix-access-gateway.htm

It is also recommended to have the citrix domain as the principal name on the certificate.

The question is, with mail. and the internal domain, will I run into problems?

I was thinking of using the IIS certificate request via Exchange 2003, setting the Citrix domain as the common name on the cert and then sending that over to the reseller. They said that they can send me a PEM, but will I have to ask for a CSR and a PEM, use the CSR to complete the request on the Exchange server for OWA and use the PEM for Citrix? But what about the internal domain certificate? Apparently the internal domain certificate will cost an additional £130 because it is an FQDN, but could I use a SAN for that cert or would I need a separate one?

I am thinking it may just be easier to do an expensive renewal via Thawte.
 
Have you considered a GoDaddy SSL?

We purchased a Multiple Domains UCC cert from them recently for use on our Domino infrastructure and have been able to set up

webmail.domain.com
traveler.domain.com

It was cheap in comparison to other providers and has been working perfectly. Nice and easy to use since it's just one cert with multiple SANs associated with it.
 
OK, I have renewed the mail and Citrix certs but I am a bit unsure about the domain cert.

What is the recommended method for updating the domain cert?

I went into the cert store on the DC, right-clicked what I think is the existing cert and went to renew with the same key, and it came up with an error: "the certificate cannot be renewed because it does not contain enough information to generate a renewal request...."

If internal certs are no longer going to be issued by providers from 2014, do you have any instructions on using self-signed? I do see what looks like a custom root CA inside the root certs folders. But I just need to see how I can generate a cert from that CA and then install it onto the DCs. Will I need to manually install it on each DC or will it replicate like magic?
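The two things asked about in this thread, a single CSR that carries the Citrix name as the CN plus the Exchange names as SANs (first post), and issuing the DC's internal FQDN from a private root CA instead of buying it (follow-up post), can both be walked through with OpenSSL. The script below is an added example written for this thread; it is not from any poster and not the IIS/Exchange request wizard or the Windows certificate store the posts describe. It uses the hostnames named in the thread, while the organisation name "Example Ltd", the CA name, the key sizes, validity periods and the scratch directory are assumptions. The private-CA part stops at verifying the issued cert chains to the CA locally; clients and servers that should accept that cert still need the CA certificate installed in their own trust store.

```shell
#!/bin/sh
# Added example (not from the thread): build a SAN CSR with OpenSSL, then
# issue the internal DC certificate from a private root CA and verify it.
set -e

# Scratch directory; every key, CSR and certificate below lands here.
WORK="${WORK:-$(mktemp -d)}"

# 1. Request config for the public cert. The Citrix name is the CN (the
#    recommendation quoted in the thread); the Exchange names are SANs.
#    Organisation name is an assumed value.
write_public_config() {
    cat > "$WORK/public.cnf" <<'EOF'
[ req ]
distinguished_name = dn
req_extensions     = v3_req
prompt             = no

[ dn ]
CN = citrix.domain.com
O  = Example Ltd

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = citrix.domain.com
DNS.2 = mail.domain.com
DNS.3 = owa.domain.com
DNS.4 = autodiscover.domain.com
EOF
}

# Generate a fresh RSA key and the CSR that would go to the reseller.
# The key never leaves this machine; only public.csr is sent.
make_public_csr() {
    write_public_config
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$WORK/public.key" -out "$WORK/public.csr" \
        -config "$WORK/public.cnf" 2>/dev/null
}

# Print the SAN entries a CSR (*.csr) or certificate carries, so the name
# list can be checked before the request is sent or the cert installed.
san_list() {
    case "$1" in
        *.csr) openssl req  -in "$1" -noout -text ;;
        *)     openssl x509 -in "$1" -noout -text ;;
    esac | awk '/Subject Alternative Name/ { getline; sub(/^ */, ""); print; exit }'
}

# 2. A private root CA for internal names: self-signed, CA:TRUE, and
#    restricted to signing certificates and CRLs.
make_private_ca() {
    cat > "$WORK/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no

[ dn ]
CN = Example Internal Root CA
O  = Example Ltd

[ v3_ca ]
basicConstraints     = critical, CA:TRUE, pathlen:0
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
        -config "$WORK/ca.cnf" 2>/dev/null
}

# 3. Issue the DC certificate from that CA: end-entity only (CA:FALSE),
#    server authentication, SAN carrying the internal FQDN.
issue_dc_cert() {
    cat > "$WORK/dc.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt             = no

[ dn ]
CN = dcserver.internaldc.domain.com

[ v3_ee ]
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:dcserver.internaldc.domain.com
EOF
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$WORK/dc.key" -out "$WORK/dc.csr" \
        -config "$WORK/dc.cnf" 2>/dev/null
    openssl x509 -req -in "$WORK/dc.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 825 -out "$WORK/dc.crt" \
        -extfile "$WORK/dc.cnf" -extensions v3_ee 2>/dev/null
}

# 4. Confirm the issued cert chains to the private root, as a client would.
verify_chain() {
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/dc.crt" >/dev/null 2>&1
}

make_public_csr
make_private_ca
issue_dc_cert
verify_chain
echo "Public CSR SANs: $(san_list "$WORK/public.csr")"
echo "DC cert SANs:    $(san_list "$WORK/dc.crt")"
```

On the Windows side the equivalent of `public.csr` is what the IIS wizard produces, and the same `san_list` check works on a CSR exported from there. Note that `openssl x509 -req` only copies the extensions named with `-extfile`/`-extensions`, which is why the DC's SAN is restated in the `v3_ee` section rather than relied on from the CSR.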
 