none
GenralPurpose FAST Certificate RRS feed

  • Question

  • We have required a CA Signed certificate for Prodiction environment isnce self signed certificate has one year expiration time byt default. I have following questions regarding the certificate:

    (1) Do we require separate certificate for each FAST Search Server or a common certificate will work for all the FAST Search Server and installed on all the FAST Search Server.

    (2) Can we install the same certificate on SharePoint Server (Where Content SSA is running) as we will used for FAST Search Server?

    Regards

    Anubhav Saxena

    Tuesday, March 8, 2011 8:21 AM

All replies

  • You can create a self signed which lasts longer if you follow the steps outlines in my blogpost "Will your FAST Search Server for SharePoint work in a year?".

    As for your certificate. From TechNet: "The subject name or subject alternative name (SAN) field must contain the fully qualified domain name (FQDN) of the server that the certificate is issued to. This is required to support queries over HTTPS and administration services over HTTPS."

    and also "The certificate that is issued to Microsoft SharePoint Server must have the same issuer as the certificates that are issued to servers in the FAST Search Server 2010 for SharePoint deployment."

    So you need the fqdn of each server listed in the certificate, or a separate certificate per server (or extend the lifetime of the self signed one).

    Regards,
    Mikael Svenson


    Search Enthusiast - MCTS SharePoint/WCF4/ASP.Net4
    http://techmikael.blogspot.com/ - http://www.comperiosearch.com/
    Tuesday, March 8, 2011 2:20 PM
  • Does anyone know the correct process to produce a certificate template from a CA that mirrors the functionality of the default FAST certificate?  I mirrored the template of "Web Server" for my template with the exception of enabling all purposes vs. the Web Server template's purpose of "Server Authentication" only.  However, I can't find a way to get the subject name of my designation into this template and still make it available to respond to certificate requests.  The default behavior for the template is to assign a subject name based on the subject being supplied in the request, but I don't see a way to supply it.

     

    I posted a separate thread containing my own frustrations with this process but have received no replies (http://social.technet.microsoft.com/Forums/en/fastsharepoint/thread/7dc1c0cd-313c-4774-b2d5-e3116ae5195a)


    John Lenker
    Thursday, February 2, 2012 7:19 PM