Combined Certificate for Storefront Farm

[Lutz Schumann]

Hi Citrix-Folks,

 

currently I'm having Issues when I try to use a single certificate with all server-names as SAN-Attributes and import that on all Storefront-Servers.

This only works, if the "Issued for" - Field matches the Server where I import the certificate, thus I need to issue a single certificate for every server.

 

Issued for:

citrixlab.mylab.local

 

SAN-Names:

citrixlab.mylab.local

storefront-a.mylab.local

storefront-b.mylab.local

 

Should this work (and I might have another Issue) or do I always need an individual certificate where the Issued-for Field matches the Hostname of the Server where I import the certificate ?

 

In this case:

 

Issued for:

storefront-a.mylab.local

 

SAN-Names:

citrixlab.mylab.local

storefront-a.mylab.local

storefront-b.mylab.local

 

AND

 

Issued for:

storefront-b.mylab.local

 

SAN-Names:

citrixlab.mylab.local

storefront-a.mylab.local

storefront-b.mylab.local

 

Regards,

 

Lutz

[Lutz Schumann]

Basically it should work: https://support.citrix.com/article/CTX235908

 

Interesting is the Limitation to 2048 with NetScaler VPX, is this still recent for 13.x release: https://support.citrix.com/article/CTX206268 ?

This might hit me later.

[Lutz Schumann]

Ok, the virtual Name was missing in the SAN-Section. Reissuing the cert with it fixed it.

There also seems to be an an Issue with permissions if you install the Cert via IIS instead of certlm (Error  80070520) and you have to install it into web and personal store otherwise storefront complains "no certificate installed" although it seems to work.