So the general flow for getting an HTTPS cert is straightforward. You run a cert request on the server, upload the request to your third-party Certificate Authority (CA), download their response, and then import it using certlm.msc under the personal store. You then use whatever application software to bind the cert to the listener.
But for SAN certs (servers that are load balanced), the way I do it is I add a new domain under the CSR that the server will respond on, in addition to the server's hostname, and send that in the CSR. Then when processing the cert, I make sure the third-party CA includes it in the SAN cert, which is different from a regular cert. Here is how:
- In the actual request, add/modify this section:
Then in the web GUI for your third party CA, choose
You would do this for each server behind the load balancer by replacing loadbalanced.domain.com with the front end DNS entry for your load balancer.
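Once the CA response is imported, it is worth confirming that the issued cert really carries both names before binding it. The following PowerShell check is an added example, not part of the original post: it lists the certs in the personal store and reports any required DNS name missing from the SAN extension. `Get-MissingSanName` is a hypothetical helper, `server01.domain.com` is a placeholder for the server's hostname, and the `DNS Name=` label assumes an English-language Windows installation.

```powershell
# Added example: report which required DNS names are absent from a cert's SAN.
# Get-MissingSanName is a hypothetical helper name, not a built-in cmdlet.
function Get-MissingSanName {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string[]]$RequiredName
    )
    # 2.5.29.17 is the OID of the Subject Alternative Name extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return $RequiredName }   # regular cert: no SAN extension at all

    # Format($true) prints one entry per line, e.g. "DNS Name=server01.domain.com".
    # Assumption: English-language Windows (the label text is localized).
    $present = foreach ($line in ($san.Format($true) -split "`r?`n")) {
        if ($line -match '^\s*DNS Name=(.+?)\s*$') { $Matches[1] }
    }
    # -notcontains compares case-insensitively, which suits DNS names.
    # Exact match only: a wildcard SAN entry does not satisfy a required name here.
    $RequiredName | Where-Object { $present -notcontains $_ }
}

# Names the cert must cover: the load balancer front end DNS entry from the text
# and this server's own hostname (placeholder value, replace with the real one).
$required = 'loadbalanced.domain.com', 'server01.domain.com'

# The "Personal" store shown in certlm.msc is Cert:\LocalMachine\My.
# Only unexpired certs with a private key on this server can be bound to a listener.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object {
        $missing = @(Get-MissingSanName -Certificate $_ -RequiredName $required)
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            NotAfter   = $_.NotAfter
            SanOk      = ($missing.Count -eq 0)
            Missing    = $missing -join ', '
        }
    }
```

A row with `SanOk` set to `False` means the CA issued the cert without one of the requested names, so clients reaching the server through that name will get a name-mismatch warning.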