Contributor
June 6, 2011
Question

Can the same SSL Certificate be used on 2 firewalls?

We have 2 firewalls physically located in 2 separate cities. Firewall #1 is our production device and firewall #2 is used for DR only. Firewall #1 has a valid certificate installed on it (signed by Verisign) and we used a Domain Name for certificate validation. If our production firewall (#1) were to encounter an issue, our plan is to change the public DNS IP associated with our 'A' record and point it to our DR firewall (#2). My thought is to have the same certificate on firewall #2 which would avoid purchasing a separate certificate. Is there a way to export the certificate from firewall #1 and import into firewall #2? This certificate would be used for SSL VPN access.

    3 replies

    jmac
    New Member
    June 6, 2011
    You should be able to export the configuration of firewall 1 (without a password) and extract the section containing the certificate and private key. You can then upload it as a command file in the GUI or execute it directly in the CLI.
    emnoc
    New Member
    June 7, 2011
    Yes, that should work and would be smart. You might want to research wildcard certs and see if this might be beneficial if you need to run active/active between production vs. DR site. Wildcards might help in this situation.
    gunthnp
    New Member
    June 24, 2011
    You need to work with your CA to do this right. Have them issue a cert for the same DNS and both IPs; this is common.
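
A pre-import check for the export/import approach suggested in the replies, added here as an example and not posted by any participant in the thread. It assumes the exported certificate and unencrypted private key have been saved as PEM files and that the OpenSSL command line is available; the function names, file names and vpn.example.com are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run on a certificate/key pair before importing it on the DR firewall.
# Assumption: the pair was saved as PEM files; all file and host names here are hypothetical.

# SHA-256 over the DER-encoded public key embedded in a certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over the DER-encoded public key derived from a private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if the private key belongs to the certificate.
pair_matches() {
    c=$(cert_pubkey_hash "$1") && k=$(key_pubkey_hash "$2") &&
        [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if the certificate is valid for the name clients connect to.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeeds only if the certificate has not already expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Constructed sample input: a throwaway self-signed pair standing in for the exported one.
make_sample_pair() {  # usage: make_sample_pair cert.pem key.pem hostname
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$2" -out "$1" 2>/dev/null
}

check_pair() {  # usage: check_pair cert.pem key.pem hostname
    pair_matches "$1" "$2"     || { echo "key does not match certificate"; return 1; }
    cert_covers_host "$1" "$3" || { echo "certificate does not cover $3"; return 1; }
    cert_not_expired "$1"      || { echo "certificate has expired"; return 1; }
    echo "ok: pair matches, covers $3, not expired"
}

dir=$(mktemp -d) && make_sample_pair "$dir/fw.crt" "$dir/fw.key" vpn.example.com &&
    check_pair "$dir/fw.crt" "$dir/fw.key" vpn.example.com
rm -rf "$dir"
```

The exported private key is in the clear while it sits on disk, so run the check on a trusted host and delete the key file once the import is done.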