Switching to Third Party Certificate


GMS 2014 R2 running on SLES 11 SP 4. We have run into issues with our self-signed GMS server certificate and newer devices. Consequently we want to switch to a third party certificate.



My question is what are the devices expecting to see as the Common Name in the certificate? The reason I ask is, we already have a third party cert in place for GroupWise WebAccess that uses www2.owzw.com as the common name. Requests hit our firewall and are redirected to a specific server behind the firewall based on a port number and internal IP address.



Could I use this same certificate to secure communication between our devices and a different server behind the firewall (which directs the requests to a different server based on a different port number and IP)?



Thanks,

Scott


  • In general TLS/SSL clients want the Subject, or more commonly something in
    the list of Subject Alternative Names (SAN), to match the address that the
    client uses to access the server. In other words, if your Android-based
    phone wants to go to mobility.owzw.com and the certificate presented by
    the service it reaches is www2.owzw.com, then that's the end. If that
    certificate has a list of names, though, and one of them is
    mobility.owzw.com, then you are in business.

    Note that if a list of SANs is present in the certificate then, per the
    RFC, the main Subject we all know and love is ignored, so be sure you
    have anything in the Subject also duplicated in the list of SANs.


    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.
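
The name-matching rule described in the reply above, as an added example that is not part of the original thread. The certificate dicts are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and `mobility.owzw.com` is the hypothetical device-facing name used in the reply.

```python
# Added example: hostname check in the style of RFC 6125, run over the dict
# shape that Python's ssl.SSLSocket.getpeercert() returns.

def label_match(pattern, hostname):
    """Case-insensitive compare; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def dns_sans(cert):
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def names_checked(cert):
    """SAN dNSNames win outright; the CN is consulted only when none exist
    (a legacy fallback that some current clients no longer perform)."""
    return dns_sans(cert) or common_names(cert)

def hostname_matches(cert, hostname):
    return any(label_match(n, hostname) for n in names_checked(cert))

def cn_missing_from_san(cert):
    """CNs that stop matching because a SAN list exists and omits them."""
    sans = dns_sans(cert)
    return [cn for cn in common_names(cert)
            if sans and not any(label_match(s, cn) for s in sans)]

# Constructed sample certificates (hostnames taken from the thread).
CN_ONLY = {"subject": ((("commonName", "www2.owzw.com"),),)}
BOTH_IN_SAN = {"subject": ((("commonName", "www2.owzw.com"),),),
               "subjectAltName": (("DNS", "www2.owzw.com"), ("DNS", "mobility.owzw.com"))}
CN_OMITTED = {"subject": ((("commonName", "www2.owzw.com"),),),
              "subjectAltName": (("DNS", "mobility.owzw.com"),)}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("CN + SANs", BOTH_IN_SAN), ("CN omitted from SAN", CN_OMITTED)):
        for host in ("www2.owzw.com", "mobility.owzw.com"):
            print(f"{label:20} {host:20} match={hostname_matches(cert, host)}")
        print(f"{label:20} CN not covered by SAN: {cn_missing_from_san(cert)}")
```

Running `cn_missing_from_san` against a certificate before deploying it flags the case the reply warns about: a Subject name that clients will no longer accept because the SAN list leaves it out.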