While it is possible to use the same certificates on two services, it may not be advisable for all deployments. Certificates have a CN field which is for the Common Name: this should match the service’s FQDN and should be the name you use to access it. If this is not the case, most services will complain and display certificate warnings.

For internal services such as the Web Admin Interface, this is not really an issue, and the errors can be dismissed. However, for external services such as WebRTC, this normally causes people concern because they do not know whether they should trust the website or not.

As long as the certificate meets the requirements of more than one service there is no reason why it cannot be reused.

Using SAN (Subject Alt Names)

You can use SAN as a solution to reusing certificates on multiple servers. SSL certificates are allowed to specify multiple names that the certificate should match. The SAN field enables the generated certificate to cover multiple comains.

For example, if the CN is example.com and the SAN are: core1.example.com, core2.example.com, core3.example.com, join.example.com 

For more information on using SAN, see What information is required to create a Certificate Signing Request file (.csr)?

Also see the Certificate Guidelines for your particular deployment.

Last update:

25-Jun-2020

FAQ ID:

1041