Using a single SSL certificate for multiple network interfaces in the PGP Encryption Server (Symantec Encryption Management Server)

Article ID: 222513

Products

Encryption Management Server, Gateway Email Encryption, PGP Command Line, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK, Desktop Email Encryption, Drive Encryption, Endpoint Encryption, File Share Encryption

Issue/Introduction

If you have multiple network interfaces in the PGP Encryption Server (Symantec Encryption Management Server), you will almost certainly need an SSL/TLS certificate for each interface.

However, this does not necessarily mean that you need to create multiple certificates.

Environment

PGP Encryption Server 10.5 and above.

Resolution

Rather than using a unique certificate for each network interface, you can use one certificate that contains multiple SAN (Subject Alternative Name) values.

For example, suppose that Encryption Management Server is configured like this:

  • Interface 1, IP 10.0.0.1, DNS name keys.example.com
  • Interface 2, IP 172.16.0.1, DNS name keys2.example.com
  • Interface 3, IP 192.168.0.1, DNS name keys3.example.com

One option is to create three separate SSL certificates with these CN (Common Name) values and assign each certificate to the relevant network interface:

  1. keys.example.com
  2. keys2.example.com
  3. keys3.example.com

To avoid using multiple certificates, you could create a single certificate with:

  • A CN value of keys.example.com.
  • A SAN value of keys.example.com, keys2.example.com and keys3.example.com.

Then assign this single certificate to Interface 1, Interface 2 and Interface 3.
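
Before assigning the certificate to all three interfaces, it is worth confirming that it really matches every interface DNS name. The following is an added example, not part of the original article or the product's own tooling: a shell script using the OpenSSL command line (1.1.1 or later for `-addext`). The script name `check_san.sh`, the function names and the throwaway self-signed test certificate are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# check_san.sh (hypothetical name): verify that one certificate covers every
# interface DNS name from the article's example configuration.
NAMES="keys.example.com keys2.example.com keys3.example.com"

# make_test_cert OUT.pem NAME...
# Creates a throwaway self-signed certificate as a stand-in for the CA-issued
# one: CN = first name, SAN = all names given. For testing the check only.
make_test_cert() {
  out=$1; shift
  cn=$1
  san=""
  for n in "$@"; do san="${san:+$san,}DNS:$n"; done
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$out.key" -out "$out" \
    -subj "/CN=$cn" -addext "subjectAltName=$san" 2>/dev/null
}

# uncovered_names CERT.pem NAME...
# Prints each name the certificate does NOT match and returns non-zero if any
# name is uncovered. When a certificate carries DNS SAN entries, hostname
# matching uses the SAN list and ignores the CN, which is why
# keys.example.com is listed in the SAN as well as in the CN.
uncovered_names() {
  cert=$1; shift
  missing=0
  for n in "$@"; do
    # "openssl x509 -checkhost" always exits 0, so inspect its message.
    if ! openssl x509 -in "$cert" -noout -checkhost "$n" \
         | grep -q 'does match'; then
      echo "$n"
      missing=1
    fi
  done
  return $missing
}

# Usage: ./check_san.sh CERT.pem
if [ $# -ge 1 ]; then
  uncovered_names "$1" $NAMES && echo "all interface names covered"
fi
```

Run against the issued certificate, the script lists any interface name that clients connecting to that interface would reject, and exits non-zero if there is one.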