We have a users sending the request to url ( example : q1.abc.com ) which goes for dns resolution to local dns.
Local dns has a cname record for q1.abc.com pointing to q1.wip.abc.com. *.wip.abc.com is delegated to GTM.
GTM resolve q1.wip.abc.com to LTM VIP. We are doing ssl offloading on LTM.
Question is : do we need to generate CDR & certicate on q1.abc.com or q1.wip.abc.com
A longer answer to explain why, is that the certificate CN is checked by the broader against the hostname specified i the URL that is type dingo the browser. if the user types the name 'fred.domain.com', then the certificate has to be 'fred.domain.com'. It's this check that is used to verify (i..e the certificate CA is vouching for the authenticity of the name) that the end-user browser is connecting to the expected website.
q1.wip.abc.com is what you need the CSR generated for.
This is incorrect. The CSR should be for q1.abc.com