Forum Discussion
hooleylist
Aug 06, 2010Cirrostratus
Hi Adam,
I don't think you can get a CA signed cert for internal domains like .local. Or have I misread what you were stating?
If you have multiple subdomains on the same domain, you could either get a UCC cert which is valid for each explicit subdomain, or get a wildcard cert that's valid for all subdomains like *.domain.com.au.
If you want LTM to do SSL offloading for you, you'd want to request the cert in PEM format. Or in 10.2 you can upload a PKCS cert as well. Or lastly, you could take any format and convert it using openssl on LTM.
Also, these days, most major CA certs are recognized by most devices assuming you configure the correct intermediate CA cert. Verisign seems to charge an arm and a leg just because they can. Most CA's will give you a demo cert that you can use to test chaining for specific clients.
Aaron