I am using an ep6 sp13 setup with
1 box in DMZ (web dispatcher and wgate for ITS)
1 portal CI behind firewall
1 portal DI behind firewall
I am looking to use a verisign cert on the DMZ box, so as to protect my ITS content,
Can I get away with just using a cery for the web dispatcher? can I use end-to end ssl if I choose to use the same cert for my ITS?
the link above is not to End-to-End SSL but to SSL re-encyrption.
For End-to-End SSL you need the server certificate on the J2EE system, the web dispatcher doesn't do any SSL operation in this case. Remember that your client talks to the web dispatcher, thus the cert for the J2EE must have the name of the web dispatcher (the CN), otherwise your browser brings up a warning.
Furhtermore someone mentioned that you need to have the same FQDN if you want to use the same certificate for differnt servers. This is not entirly ture, since a certificate can contain a wildcard. At least some CAs issue them, but then they are more expensive.