SSL certificate for two VPN gateways for the same Domain behind a Load balancer
Posted on 2014-08-23
Our company has two VPN gateways (Or think of it as a Web Server I Guess) behind a Load Balancer for resilience purpose which share the same domain (e.g. vpn.mycompany.com). VPN client will logon to the VPN session thru either one of the VPN gateways.
We need to install SSL certificates for both VPN gateway and purchase the certificates from a well know public CA (e.g. Symantec verisign, godaddy etc.). My questions are as follows:
1) As both VPN gateways share the same domain name, Shall we purchase two SSL certs for each of the VPN gateway from the Public CA. OR just one and install the one cert to both VPN gateways ?
2) When we generate the CSR (Certificate Signing Request) from the Public CA, should we provide the same registration information such as:
Common Name : vpn.mycompany.com
or unique registration for each VPN gateway such as
vpn1.mycompany.com & vpn2.mycompany.com
Note that the VPN client only login to the VPN using domain vpn.mycompany.com ?
Thank you so much for your technical advice in advance.
Patrick Tam (System Administrator)