use of wildcard certificate

Hi,

We are going to use the UAG with an AD for the SSO of a SharePoint server and a set of 10+ web application servers behind the UAG; the connections are supposed to be HTTPS. I would like to know whether the use of a wildcard server certificate is mandatory in this kind of environment, or whether a server certificate for each application server is also possible for this requirement?


Thanks a lot !


  • Edited by llk1234 Tuesday, January 07, 2014 6:59 AM
January 7th, 2014 9:45am

Hi,

It is not mandatory but recommended. The reason for the recommendation is that you can use just 1 trunk for publishing instead of 10 different trunks (10 IPs) if you use a single server SSL cert, e.g. if you use app01.domain.com to app10.domain.com. As an alternative to the wildcard cert you can use a SAN certificate which has all app host names included, just in case this makes a price difference.

I would recommend using the wildcard cert, because UAG configuration and management is much simpler than with the single server certificate, and the SAN certificate is inflexible if you want to add more apps, because you have to request a new certificate whenever you add a new application.

Hope that helps,

Lutz

January 7th, 2014 11:05pm
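To make the wildcard-versus-SAN trade-off above concrete, here is an added example (not from the thread or from UAG) that checks which of the published app host names a certificate's names actually cover, using the usual wildcard matching rules (a `*` only as the whole leftmost label, never spanning a dot). The host names and certificate name lists are constructed for the example.

```python
# Constructed sample: the app01..app10 hosts from the thread, plus one added later.
APP_HOSTS = [f"app{n:02d}.domain.com" for n in range(1, 11)]
NEW_APP = "app11.domain.com"

# Constructed certificate name lists (CN/SAN entries), not real certificates.
WILDCARD_CERT_NAMES = ["*.domain.com"]
SAN_CERT_NAMES = list(APP_HOSTS)          # one SAN entry per app, no wildcard


def host_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a host name.

    Rules (RFC 6125 style, as browsers and most TLS stacks apply them):
    - comparison is case-insensitive and ignores a trailing dot;
    - '*' is only accepted as the entire leftmost label;
    - the wildcard matches exactly one label, so *.domain.com covers
      app01.domain.com but neither domain.com nor a.app01.domain.com;
    - a wildcard directly under a TLD (e.g. *.com) is rejected; this is a
      conservative choice, public CAs do not issue such names.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def uncovered_hosts(cert_names, hosts):
    """Return the hosts that none of the certificate's names cover.

    An empty list means the certificate can serve every host on one trunk;
    a non-empty list is exactly the set that would force a new certificate
    (the SAN inflexibility Lutz describes) or a separate trunk.
    """
    return [h for h in hosts if not any(host_matches(n, h) for n in cert_names)]


if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT_NAMES), ("SAN", SAN_CERT_NAMES)):
        missing = uncovered_hosts(names, APP_HOSTS + [NEW_APP])
        print(f"{label} cert: {'covers all hosts' if not missing else 'missing ' + ', '.join(missing)}")
```

Running it shows the wildcard certificate covering the eleventh app with no change, while the ten-name SAN certificate reports app11.domain.com as uncovered.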

Thanks Lutz for your advice !

As I am new to UAG, I would like to know: if I create different trunks for each server, can the SSO still be configured to cover these 10 different HTTPS trunks? If yes, where should this be configured?

Thanks again !


  • Edited by llk1234 Wednesday, January 08, 2014 12:57 AM
January 8th, 2014 3:32am

Yes, this can be achieved through cross-site single sign-on. http://technet.microsoft.com/en-us/library/ee921441.aspx
January 8th, 2014 4:08am

Thank you very much for your prompt reply, I will check the link!

January 8th, 2014 4:28am

As we are going to use the client certificate's email in addition to username & password for authentication, and according to the cross-site SSO link provided "client certificate authentication" is not supported, does this mean that I have to use a single HTTPS trunk to cover all the backend servers, and that this implies only a wildcard or SAN server certificate can be used for this requirement?

January 8th, 2014 5:16am

I think the wildcard cert is the best option for you.
January 8th, 2014 5:32am

Thanks again !
January 8th, 2014 5:35am
