Using a single SSL certificate for multiple network interfaces in Encryption Management Server

Article ID: 222513

Products

Encryption Management Server, Gateway Email Encryption

Issue/Introduction

If you have multiple network interfaces in Encryption Management Server, you will almost certainly need an SSL/TLS certificate for each interface.

However, this does not necessarily mean that you need to create multiple certificates.

Environment

Symantec Encryption Management Server 10.5 and above.

Resolution

Rather than using a unique certificate for each network interface, you can use one certificate that contains multiple SAN (Subject Alternative Name) values.

For example, suppose that Encryption Management Server is configured like this:

  • Interface 1, IP 10.0.0.1, DNS name keys.example.com
  • Interface 2, IP 172.16.0.1, DNS name keys2.example.com
  • Interface 3, IP 192.168.0.1, DNS name keys3.example.com

One option is to create three separate SSL certificates with these CN (Common Name) values and assign each certificate to the relevant network interface:

  1. keys.example.com
  2. keys2.example.com
  3. keys3.example.com

To avoid using multiple certificates, you could create a single certificate with:

  • A CN value of keys.example.com.
  • A SAN value of keys.example.com, keys2.example.com and keys3.example.com.

Then assign this single certificate to Interface 1, Interface 2 and Interface 3.
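
The following check is an added example, not part of the original article or of Encryption Management Server. It confirms that one certificate's SAN list covers every interface name, and shows why keys.example.com must appear in the SAN as well as the CN. The function names, port 443 and both sample certificate dictionaries are assumptions constructed for illustration.

```python
import socket
import ssl

# Interface layout from the article: IP -> DNS name.
INTERFACES = {"10.0.0.1": "keys.example.com",
              "172.16.0.1": "keys2.example.com",
              "192.168.0.1": "keys3.example.com"}

# Constructed samples, shaped like the dict ssl.SSLSocket.getpeercert() returns.
SINGLE_CERT = {"subject": ((("commonName", "keys.example.com"),),),
               "subjectAltName": (("DNS", "keys.example.com"),
                                  ("DNS", "keys2.example.com"),
                                  ("DNS", "keys3.example.com"))}
# Same CN, but the CN name was left out of the SAN list.
CN_NOT_IN_SAN = {"subject": ((("commonName", "keys.example.com"),),),
                 "subjectAltName": (("DNS", "keys2.example.com"),
                                    ("DNS", "keys3.example.com"))}

def san_dns_names(cert):
    """Return the dNSName entries of the SAN extension, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or '*' standing for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def uncovered(cert, hostnames):
    """Hostnames that no SAN dNSName covers. The CN is ignored on purpose:
    clients do not fall back to it once a SAN extension is present."""
    sans = san_dns_names(cert)
    return [h for h in hostnames if not any(name_matches(s, h) for s in sans)]

def fetch_cert(ip, hostname, port=443, cafile=None):
    """Connect to one interface by IP with the hostname as SNI and return the
    certificate dict. The default context verifies the chain and hostname, so
    a name missing from the SAN raises ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((ip, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()
```

To check a live server, call `fetch_cert(ip, name)` for each entry in `INTERFACES` and pass the result to `uncovered(cert, INTERFACES.values())`; an empty list on every interface means the single certificate is assigned and valid for all three names.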