Scenario: A Citrix Administrator manages an environment that has three SSL websites, all serving the same content. www.company.com www.company.net www.company.org
The administrator would like to consolidate the website into a single, load-balanced SSL virtual server.
Which action can the administrator take to use a single SSL virtual server?
The administrator can use a single SSL virtual server by binding a multiple Subject Alternative Name (SAN) certificate. This type of certificate can include multiple domain names and their variants, such as www.company.com, www.company.net, and www.company.org. This allows all three websites to be served over SSL from a single virtual server.
Both A and B are correct. You can have 3 different certificate bind to same Virtual server or you can go for SNI option . More correct answer is A , because he is already has certificate with him
B. SAN should cover all three names and domain extensions. Wildcard can only cover domain names
B is right answer. https://knowledge.digicert.com/solution/SO9440.html
Best practice would be a SAN, imo
I think right one in use SAN. wildcard certificate apply on prefix. *.aa.com is ok www.aa.* not
I believe the answer should be A, the websites already exist and likely the certs, it's just a single vServer that needs creating and therefore by enabling the SNI and ticking the box when binding the cert, multiple certs can be assigned to a single vServer; https://www.citrix.com/blogs/2015/09/10/citrix-netscaler-how-to-apply-multiple-certificates-to-one-virtual-server/
Same article, under 'Configure SNI Virtual Server, it does in fact refer to the use of wildcard. "A wildcard SSL Certificate helps enable SSL encryption on multiple subdomains if the domains are controlled by the same organization and share second-level domain name. For example, a wildcard certificate issued to a sports network using the common name “*.sports.net” can be used to secure domains, such as “login.sports.net” and “help.sports.net” but not “login.ftp.sports.net.”"
Both A and B are correct. You can have 3 different certificate bind to same Virtual server or you can go for SNI option
A is right answer
A is correct https://support.citrix.com/article/CTX205283#:~:text=You%20can%20enable%20the%20SNI,certificates%20to%20the%20virtual%20server.
B is correct
A SAN with a CS vServer is the answer, as you have 3 different URL with .com/.org/.net. Wildcards are firstly not really recommended but aren't used for org indicators at the end of the URL. So a Wildcard just wont work... D is incorrect flatly due to its inability to be used. B works but, typically if we got 3 URLs resolving via to the same IP it is more ideal to use a CS vServer so we have granular control over the urls individually, a single SSL Offload vServer would make it where the 3 are bound together as a service so a change will always impact all 3 unlike a CS vServer connecting to non-addressable LBs. The question is flawed unfortunately and cannot be answered properly.