
Number of Certs per PGP US

Created: 07 Jun 2011 | 1 comment
MFTX_CBI

I am planning a PGP deployment and need help with determining how to provide CA authorized certs for Universal Server.

Issue: the customer has multiple domains that they use for email. Examples:

Banking.com
Mortgage.com
Finance.com

When PGP sends out the Web Messenger Notify message, the link included in the message for each domain should point to its own domain and cannot display an alternate domain in the link.

Example: a user with an encrypted message waiting from banking.com must not have a link for https://keys.finance.com

I can think of two ways to approach this:

1.  Use a separate cert for each domain.  This begs the question: how many certs can be assigned to a single Universal Server, and how are they assigned (per interface, IP, other)?

2.  The other is to use aliases (CNAME) in DNS, so that a link to https://keys.banking.com actually points to https://keys.mortgage.com.  The question this poses is: will the cert for keys.mortgage.com work for a URL to keys.banking.com?

If there is a better way to handle this, please advise.

Thanks for your input


KMGilbert - Cohort

Hi,

Easiest way to do this would be to purchase a certificate that lets you have alternate subject names. Essentially, this means you can have multiple domains assigned to a single certificate.

Go Daddy can issue these - Not sure about Verisign...

Bear in mind that if you have any Web Messenger customizations, then you can only have one per PGP Universal Cluster. I've seen some organizations use a "special" single domain just for Web Messenger only, i.e.:

https://mail.finance-secure.com

Web Messenger messages for Banking, Mortgage & Finance would all go here.
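
Added example (not part of either post above): a sketch of the hostname check a TLS client applies to a certificate's subject alternative names, run against the thread's three hostnames. The certificate name lists and the CNAME map are constructed for illustration; the point it shows is that the client compares the name in the URL, not the DNS alias target, so a CNAME alone does not make a single-name certificate valid for another domain.

```python
# Added example: RFC 6125 style matching of a URL hostname against a
# certificate's subjectAltName dNSName entries. All data is constructed.

def label_match(pattern: str, host: str) -> bool:
    """Compare one SAN dNSName against the hostname taken from the URL."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only as the entire left-most label, and
    # never directly under a top-level domain such as "*.com".
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(san_dns_names, url_host: str) -> bool:
    """True if any SAN entry matches the hostname the user browsed to."""
    return any(label_match(name, url_host) for name in san_dns_names)

# Constructed name lists standing in for real certificates.
SINGLE_NAME_CERT = ["keys.mortgage.com"]
SAN_CERT = ["keys.banking.com", "keys.mortgage.com", "keys.finance.com"]

# Constructed DNS alias from option 2 in the question.
DNS_ALIASES = {"keys.banking.com": "keys.mortgage.com"}

def check(url_host: str, san_dns_names) -> dict:
    # The CNAME target is used only to find an IP address. The name the
    # client validates is still the one that appears in the link.
    resolves_via = DNS_ALIASES.get(url_host, url_host)
    return {
        "url_host": url_host,
        "resolves_via": resolves_via,
        "cert_ok": cert_covers(san_dns_names, url_host),
    }

if __name__ == "__main__":
    for host in ("keys.banking.com", "keys.mortgage.com", "keys.finance.com"):
        print("single-name cert:", check(host, SINGLE_NAME_CERT))
        print("multi-SAN cert:  ", check(host, SAN_CERT))
```
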