Forum Discussion
SSL Certificate & Availability Group Question
Hello-
I have the below SSL AG question:
I have 4 servers below and would like to confirm my thought is correct by ordering 4 separate SSL certificates *with each separate SQL instance name* or order 1 with only the AG name and import the SSL certificate to each individual SQL instance.
AGSQLPROD_AG (AG Name)
- SQLPRODServer1 (primary)
- SQLPRODServer2 (Secondary)
- SQLPRODServer1DR (DR Site)
- SQLPRODServer2DR (DR Site)
My thought is that since the AG listener will fail over to any of the nodes below, the DNS should take care of any connection issues, therefore I should not create any SSL certificates with the AG name and instead create 4 SSL certificates with the physical SQL instance names.
Is my thought correct, ordering 4 separate SSL certificates using the SQL instance names and NOT the AG name?
Any input is greatly appreciated!
Thanks
2 Replies
- LainRobertson, Silver Contributor
Hi, Craig.
It's been a very long time since I've set up AlwaysOn, but from memory, I chose a different route for the certificate.
I used a single certificate using the following configuration:
Subject name - Availability group FQDN
SAN - Availability group FQDN
- The FQDN of every member
So, for example, if I have an Availability Group FQDN of "sqlag.robertsonpayne.com" with three members (sql01.robertsonpayne.com to sql03.robertsonpayne.com) then the certificate request would feature:
Subject name - sqlag.robertsonpayne.com
SAN - sqlag.robertsonpayne.com
- sql01.robertsonpayne.com
- sql02.robertsonpayne.com
- sql03.robertsonpayne.com
This is a pretty standard configuration for a certificate and made the ongoing administrative overhead (technical and financial) a little easier to keep on top of.
Cheers,
Lain
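A name-coverage check for the three certificate layouts discussed in this thread, as an added example that is not part of either post. It assumes clients validate the server certificate against the host name they connect with; it uses the sample FQDNs from the reply above, and the function names and the simplified matching rule (including the wildcard case, which goes beyond the thread) are illustrative.

```python
# Added example: models which client connections fail certificate name
# validation for each layout. Host names are the reply's sample FQDNs;
# helper names and the simplified matching rule are assumptions.
LISTENER = "sqlag.robertsonpayne.com"
REPLICAS = [f"sql0{i}.robertsonpayne.com" for i in (1, 2, 3)]


def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive DNS name match; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def failures(certs: dict[str, list[str]]) -> list[tuple[str, str]]:
    """certs maps each replica to the SAN list of the certificate installed on it.
    Returns (name the client dialed, replica that answered) pairs that fail."""
    bad = []
    for replica, sans in certs.items():
        # A replica is reached through the listener name while it is primary,
        # or directly by its own FQDN (admin tools, read-only connections).
        for dialed in (LISTENER, replica):
            if not any(name_matches(s, dialed) for s in sans):
                bad.append((dialed, replica))
    return bad


# Layout 1: one certificate per replica, carrying only that replica's name.
per_instance = {r: [r] for r in REPLICAS}
# Layout 2: one certificate carrying only the AG name, imported everywhere.
listener_only = {r: [LISTENER] for r in REPLICAS}
# Layout 3: one certificate with the AG name plus every member in the SAN.
combined = {r: [LISTENER, *REPLICAS] for r in REPLICAS}

if __name__ == "__main__":
    for label, layout in [("per-instance", per_instance),
                          ("listener-only", listener_only),
                          ("listener + members", combined)]:
        print(f"{label}: {failures(layout) or 'all names covered'}")
```

Per-instance certificates fail for connections made through the listener name, the listener-only certificate fails for direct connections to a replica, and only the combined SAN list covers both.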
- Mike_Miller1535, Copper Contributor
Thanks Lain for the feedback, much appreciated!