Quick question about setup for SSL: is the private key and CSR that are generated using the wM Certificate Toolkit dependent on the IS server used? The wM documentation is not clear to me, and I have searched wm.users threads without finding the answer.
We need to install certs on two RI servers in our DMZ, but the Certificate Toolkit is not installed on these servers. Could we use a local wM Toolkit instance to generate the private keys and CSRs, and then copy the certs onto the DMZ servers?
The certificate toolkit can be used on any system to create certificates for any other system. Only the inputs you enter in the tool are used to create the certificate, no environment variables from the system you run the toolkit on.
So you can just run the tool on your own local machine to generate the private key and CSR for your DMZ servers.
You just have to remember that certificates are legally bound by the name (ie. hostname of the machine), but could be placed on whatever server.
We did the same i.e. generated private keys and CSRs locally, and then moved the certs onto the IS servers.
But as per our security policies, the private key and CSR should be generated on the same IS server. So later on we generated private key and CSR again on the same IS server.