I"ll apologize up front for any ignorance on this topic, as I've been scouring Microsoft KB articles and trying to understand better.
Through GoDaddy, our Org has purchased 2 standard SSL Certificates for our multi ISP VPN connections and one wildcard SSL Certificate for a specific application server located internally to our domain but public facing.
We also need to pick up an SSL Cert for use for Radius authentication for our wireless, and I'm trying to determine if I just need to purchase yet another standard SSL Certificate or another Wildcard Certificate and try to consolidate everything to get it on the same renewal cycle.
We use an internal Microsoft AD CA for our current Radius authentication with a self signed Cert, so my assumption would be if I consolidated under a blanket Wildcard Cert it would need to be housed there.
We're going to a GoDaddy Cert for Radius authentication because of the Android 11 update.
We also have the question of other internal resources that use an https connection and how to secure those. Nothing public facing, all internal DNS, such as ds01.tigers.org or vc01.tigers.org that point to our datastores and vCenter. Would I need to add those DNS entries to the original CSR for the wildcard cert?
I'm pretty sure we'll stick with GoDaddy as that's what the purchasing/director is comfortable with, although other recommendations are welcome.
I hope this question makes sense or it may be 2 different questions. I so appreciate any guidance or a smack over the head.