问题

Q关于SGA和ADF框架所需的SSL证书

m

你好!这是我的第一个问题。

因此,我们计划安装Frame VDI产品,并使用DMZ上的SGA(流网关设备)作为使用ADFS服务器进行身份验证的Web应用程序代理。我想知道所需的公共SSL证书。Nutanix告诉我们:“您将需要一份通配符证书来用于主要领域的子域。因此,诸如 *.sga.pha.phila.gov之类的证书”。我要求更多澄清,我的代表似乎不知道。

因此,我想知道的是:我需要在同一“ SGA”中获得内部ADFS服务器的公共证书。子域?即,adfs.sga.pha.phila.gov。

真正让我的是,ADFS服务器的FQDN是为我们的广告域而言,当然与我们的公共域名不同。我猜想,如果我以不属于我们内部DNS的名称获得该服务器的证书,我需要为此做一个DNS别名。而且,我需要在CSR中包括什么(主题替代名称)。

那我该怎么做呢?你是怎么做到的?我需要证书,然后才能安装SGA(文档说)。因此,我需要知道如何生成CSR。

感谢您的任何见解。

Hello! This is my first question.<\/p>

So we are planning on installing the Frame VDI product, and using the SGA (Streaming Gateway Appliance) on the DMZ, as the Web Application Proxy that authenticates with our ADFS server. And I\u2019m wondering about the public SSL certificates needed. We are being told by Nutanix that \u201cYou will need a wildcard cert for a subdomain off of your main domain. So a cert for something like *.sga.pha.phila.gov\u201d. I\u2019ve asked for more clarification, and my rep doesn\u2019t seem to know.\u00a0<\/p>

So what I am wondering is: do I need to get a public certificate for my internal ADFS server in that same \u201csga.\u201d sub-domain? i.e., adfs.sga.pha.phila.gov.<\/p>

What\u2019s really throwing me is that the ADFS server\u2019s FQDN is for our AD domain, which isn\u2019t the same as our public domain name, of course. I\u2019m guessing if I get a certificate for that server in a name that isn\u2019t part of our internal DNS, I need to make a DNS\u00a0alias for it. And, what SANs (Subject Alternate Names) do I need to include in the CSR.<\/p>

So how do I go about this? How did YOU go about this? I need the certificates before I can install the SGA (the documentation says). So I need to know how to generate a CSR.<\/p>

\u00a0<\/p>

Thanks for any insight.
\u00a0<\/p>","quoteUsername":"MikeLeone","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

3个答复

Chaitrali Deshpande
秩
UserLevel 2
徽章 +4

你好迈克,

以下是可以提供帮助的快速文档:

https://docs.frame.nutanix.com/user-management/customauth/adfs.html?highlight=ssl

https://docs.frame.nutanix.com/network-management/sga/sga/sga.html?highlight = sga

https://docs.frame.nutanix.com/network-management/sga/sga-ahv.html?highlight=ssl

问候,
Chaitrali

m

你好迈克,

以下是可以提供帮助的快速文档:

谢谢,但是不,那不是。在问之前,我已经看过这些。他们都只是预先支持公共证书,而不是告诉我为什么需要一个证书(而不是内部签发的证书)。

我认为我们已经决定要获得获得公共证书的昂贵,即使我仍然不确定我本可以使其与我们的免费内部签发的证书一起使用。

谢谢您的帮助。

\t

Hello Mike,<\/p>\t

Here are quick documents that can help:<\/p>\t<\/content-quote>

\u00a0<\/p>

Thanks, but no, that doesn\u2019t. I\u2019ve looked over those, before asking. They all just pre-suppose a public cert, not telling me why I need one (as opposed to an internally issued certificate).<\/p>

\u00a0<\/p>

I think we\u2019ve decided to just go to the expensive of getting a public certificate, even though I\u2019m still not certain I could have made it work with our free internally issued certificate.<\/p>

Thanks for the help.<\/p>

\u00a0<\/p>","quoteUsername":"MikeLeone","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

m
徽章 +9

我正在同样的旅程。

我所做的事情,我应该找出本周是否可以工作,如果支持给我回电……。

我购买了一个新的公共域(example.com),然后进行了框架条目。所以frame.example.com

然后,我使用certbot手动获得 *.frame.example.com的通配符证书

I am on the same journey you are.<\/p>

What I have done and I should find out if it will work this week, if support calls me back\u2026.<\/p>

\u00a0<\/p>

I purchased a new public domain (example.com) and then made an entry for Frame. So frame.example.com<\/p>

I then using certbot manually got a wildcard cert for *.frame.example.com<\/p>

\u00a0<\/p>","quoteUsername":"MattK","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

回复


条款和条件
Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu