Forgive my ignorance, but is it possible to have one SAN certificate that covers multiple servers and services? For example, say I wanted one cert for Lync and SharePoint, each with multiple SANs that point to the two different machines:

DNS Entry - Local IP
meshq001.xxx.com - 192.168.1.15 (Host Machine FQDN)
dialin.xxx.com - 192.168.1.15
admin.xxx.com - 192.168.1.15
meet.xxx.com - 192.168.1.15
lyncdiscoverinternal.xxx.com - 192.168.1.15
lync.xxx.com - 192.168.1.15
lyncdiscover.xxx.com - 192.168.1.15

SPHQ001.xxx.com - 192.168.1.14 (Host Machine FQDN)
intranet.xxx.com - 192.168.1.14
mysite.intranet.xxx.com - 192.168.1.14
search.intranet.xxx.com - 192.168.1.14
extranet.xxx.com - 192.168.1.14

So basically one certificate that can be applied to two different servers, which covers all the necessary DNS entries for both web servers.

If possible, what would be the drawbacks (if any) to this method?

Peter Hahndorf
Lee Harrison
    It's against some SSL certificate providers' policies (as some license on a per-server, not per-cert basis) but otherwise it'll work fine. – ceejayoz Aug 07 '13 at 18:35

1 Answer

As long as you don't mind all the certificates expiring simultaneously, it shouldn't be a problem. It's my understanding that SANs were created for this exact purpose (but usually applied to just one service).

saltface
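
As an added example (not part of the question or the answer), this Python check confirms that a single certificate's SAN list covers every name on both servers before it is deployed to them. It goes beyond the question by also handling wildcard entries with RFC 6125-style matching; the function names and the SAN lists passed in are assumptions made for illustration.

```python
# Added example. Host names are the ones listed in the question; the SAN lists
# passed to uncovered() are constructed. In practice the list could be read
# from ssl.SSLSocket.getpeercert()["subjectAltName"].
REQUIRED = {
    "192.168.1.15": [  # Lync host
        "meshq001.xxx.com", "dialin.xxx.com", "admin.xxx.com", "meet.xxx.com",
        "lyncdiscoverinternal.xxx.com", "lync.xxx.com", "lyncdiscover.xxx.com",
    ],
    "192.168.1.14": [  # SharePoint host
        "SPHQ001.xxx.com", "intranet.xxx.com", "mysite.intranet.xxx.com",
        "search.intranet.xxx.com", "extranet.xxx.com",
    ],
}


def san_matches(san, host):
    """Compare one dNSName SAN entry with a host name (RFC 6125 style).

    Case-insensitive; "*" is honoured only as the entire left-most label
    and stands for exactly one label.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(sans, required=REQUIRED):
    """Return {server_ip: [names no SAN entry covers]}; {} means full coverage."""
    gaps = {}
    for server, names in required.items():
        missing = [n for n in names if not any(san_matches(s, n) for s in sans)]
        if missing:
            gaps[server] = missing
    return gaps


if __name__ == "__main__":
    all_names = [n.lower() for names in REQUIRED.values() for n in names]
    print("one SAN per name:", uncovered(all_names))
    print("wildcard only:   ", uncovered(["*.xxx.com"]))
```

A single `*.xxx.com` entry leaves `mysite.intranet.xxx.com` and `search.intranet.xxx.com` uncovered, because a wildcard stands for one label only; those names need their own SAN entries.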