Contributor.
Contributor.
415 views

Switching to Third Party Certificate


GMS 2014 R2 running on SLES 11 SP 4. We have run into issues with our self signed GMS server certificate and newer devices. Consequently we want to switch to a third party certificate.



My question is what are the devices expecting to see as the Common Name in the certificate? The reason I ask is, we already have a third party cert in place for GroupWise WebAccess that uses www2.owzw.com as the common name. Requests hit our firewall and are redirected to a specific server behind the firewall based on a port number and internal ip address.



Could I use this same certificate to secure communincation between our devices and a different server behind the firewall (which directs the requests to a different server based on a different port number and ip)?



Thanks,

Scott


Labels (1)
0 Likes
1 Reply
Highlighted
Knowledge Partner
Knowledge Partner

In general TLS/SSL clients want the Subject, or more-commonly something in
the list of Subject Alternative Names (SAN), to match the address that the
client uses to access the server. In other words, if your Android-based
phone wants to go to mobility.owzw.com and the certificate presented by
the service it reaches is www2.owzw.com, then that's the end. If that
certificate has a list of names, though, and one of them is
mobility.owzw.com, then you are in business.

Note that if a list of SANs is present in the certificate that, per the
RFC, the main Subject we all known and love is ignored, so be sure you
have anything in the Subject also duplicated in the list of SANs.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.