Layer 7 Identity Management


ssl certificate  in IDM VAPPs which user access url via VIP

  • 1.  ssl certificate  in IDM VAPPs which user access url via VIP

    Posted 12-03-2018 05:27 AM

    Currently, I have a different certificate (different common name) for 2 IDM vApps (already installed in the vApp), using different "localhost.key" files:
    - ***.IDM.COM for vApp1
    - YYY.IDM.COM for vApp2
    I have also implemented a new VIP URL for both vApps, such as ZZZ.IDM.COM (using a load balancer).
    End users can access IDM at the URL "ZZZ.IDM.COM".

    Then
    1. I generated the 2 .csr files for the security team.
    2. The security team generated only one certificate back, for "zzz.idm.com", to apply in both IDM vApps.
    3. I applied this certificate in both vApps and restarted IDM. I tried to access the IDM URL, but it works for IDM1 only.


    My question is,
    why does the browser always say "CN is invalid" for idm2? What step am I missing?
    The security team said they can generate only one certificate for 1 name.
    Can anyone suggest?



  • 2.  Re: ssl certificate  in IDM VAPPs which user access url via VIP

    Posted 12-03-2018 10:26 AM

    Have you considered applying the certificate on the Load Balancer machine instead?



  • 3.  Re: ssl certificate  in IDM VAPPs which user access url via VIP

    Posted 12-03-2018 10:11 PM

    No, I haven't tried that.



  • 4.  Re: ssl certificate  in IDM VAPPs which user access url via VIP
    Best Answer

    Posted 12-04-2018 04:17 AM

    Since the security team only generated one cert, and it works on vApp1, this means that they only certified the key pair from vApp1.

    I would copy the localhost.key and the new localhost.crt from the security team from vApp1 across to vApp2 (back up the originals first) and then restart IDM on vApp2.


    Pearse
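
The diagnosis above rests on one fact: a certificate only works with the private key whose CSR the CA signed, so the "zzz.idm.com" cert can never serve TLS on vApp2 together with vApp2's own localhost.key. The script below is an added example, not something posted in the thread or shipped with IDM; it uses the openssl CLI to confirm that a key and a certificate belong together before the pair is copied to the second node, and to print the CN and subjectAltName the certificate actually carries. The file names, the host name zzz.idm.com and the self-signed stand-in for the CA-issued certificate are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread or the product): check that a private key
# and a certificate form one pair, and list the names in the certificate.
# Requires the openssl CLI (1.1.1 or newer for -addext / -ext).
set -e

# Print the public key of a private key in PEM form.
pubkey_of_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Print the public key embedded in a certificate in PEM form.
pubkey_of_cert() {
    openssl x509 -in "$1" -pubkey -noout 2>/dev/null
}

# Return 0 only if the certificate was issued for exactly this private key.
# Comparing whole public keys works for RSA and EC alike, unlike the old
# "compare the RSA modulus" trick.
key_matches_cert() {
    [ "$(pubkey_of_key "$1")" = "$(pubkey_of_cert "$2")" ]
}

# Print the subject CN and the SAN list. Browsers match the URL host name
# against subjectAltName; a bare CN is no longer enough for modern clients.
cert_names() {
    openssl x509 -in "$1" -noout -subject -ext subjectAltName 2>/dev/null
}

# --- constructed demo material (hypothetical, mirrors the thread's setup) ---
work="$(mktemp -d)"

# vApp1's key plus a self-signed stand-in for the certificate the security
# team returned for that key (in reality the CA signs vApp1's CSR).
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$work/vapp1-localhost.key" -out "$work/zzz-localhost.crt" \
    -subj "/CN=zzz.idm.com" \
    -addext "subjectAltName=DNS:zzz.idm.com" >/dev/null 2>&1

# vApp2's independently generated key, whose CSR was never signed.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$work/vapp2-localhost.key" >/dev/null 2>&1

# Walk through the check an admin would run on each node before restarting IDM.
demo() {
    if key_matches_cert "$work/vapp1-localhost.key" "$work/zzz-localhost.crt"; then
        echo "vApp1 key matches zzz cert: this pair can be installed together"
    fi
    if ! key_matches_cert "$work/vapp2-localhost.key" "$work/zzz-localhost.crt"; then
        echo "vApp2 key does NOT match zzz cert: TLS on vApp2 cannot work with this pair"
    fi
    cert_names "$work/zzz-localhost.crt"
}

demo
```

Run the check with the real files on each vApp before restarting IDM; on vApp2 it fails with the original localhost.key and passes only after vApp1's key has been copied across, which is what the best answer describes. Copying a private key between nodes means both share it, which is normal behind one VIP name, but move it over an authenticated channel (scp, not a ticket attachment) and keep the same file permissions as the original. To see which certificate a node really serves once it is up, `openssl s_client -connect <node>:443 -servername zzz.idm.com` piped into `openssl x509 -noout -subject -ext subjectAltName` shows the live names.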



  • 5.  Re: ssl certificate  in IDM VAPPs which user access url via VIP

    Posted 12-06-2018 02:32 AM

    I did as you suggested. Currently, it works properly. Users can access the IDM URL "ZZZ.IDM.COM" by using the FQDN of the VIP.

    Thank you so much.