Can we create a key pair on serverA that has the common name (CN) value of serverB and then generate the CSR on serverA, have it signed by verisign, install the certificate on serverA then move the key ring and certificate over to serverB. Has anyone done this? Will this work? Thanks in advance
Subject: Verisign, Key Rings and Certificate Signing Request
Tyson,Some concepts are not correct with your assertion.
When you send a CSR to a CA you get back two certificates. One is the organisational (domain) certificate, the other is the Server certificate.
If you create a Key ring with the server certificate. If the second server is on another domain you need to send the CA another CSR to get the second server certificate, then create the Key ring for it.
If the second server is on the same domain, you can use the same server certificate to create your second key ring.
Common Name (CN) refers to the domain NOT the name of the server. This is a common mistake.
Regards
Rolf Pfotenhauer