Server 2012, replication when all hosts are on workgroups, certificate question

I have four physical hosts.  each physical host is on a workgroup.  each physical host holds several VMs.  All of these VMs are on the same domain.

I am trying to set up replication, say from vmhost1 to vmhost3, and from vmhost3 to vmhost1.

As I understand it, I can only do this via certificate based authentication since the hosts are not on the domain.  

The question is, where do I get the cert?  Do I spin up a CA on the domain and issue it and then install it on all of the four servers or do I buy a public cert?

I'm confused about where I get my cert from.

Thanks

Cliff
crp0499CEOAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

adalliCommented:
Dear Cliff,

A server certificate issued from an AD CA will be enough to get hyperV Replica working.  

From a security standpoint, a certificate issued by a Trusted CA (eg godaddy) will be better.

Regards
Jonathan
0
crp0499CEOAuthor Commented:
But these servers are not on the domain.  they are workgroup servers.  as I understand it, physical hosts are not supposed to be on the domain, so mine are not.

I could spin up a CA on the domain and request one cert, and then install that cert on each server.  would that work?  installing the same cert (just one cert) on all four of my physical hosts?

since all of my physical hosts are on workgroups, if I buy a public cert, do I need one for each server?

Thank you.

Cliff
0
adalliCommented:
If you opt for a public certificate,  you would need one for each server.  

On the other hand, you can set up a domain and install Certificate Services,  issue a server certificate to each HyperV server (in a workgroup) and install the Root CA certificate on each server.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.