Scenario: A Citrix Administrator manages an environment that has three SSL websites, all serving the same content. www.company.com www.company.net www.company.org
The administrator would like to consolidate the websites into a single, load-balanced SSL vServer.
What can the administrator bind to use a single SSL vServer?
To consolidate multiple SSL websites serving the same content into a single, load-balanced SSL vServer, the administrator should bind a multiple SAN certificate. This type of certificate (Subject Alternative Name) supports multiple domain names in a single certificate, making it ideal for this scenario where the sites have different domains (company.com, company.net, company.org) but share the same content. This setup simplifies management by using a single certificate that covers all the domains, avoiding the need to configure multiple certificates or SNI (Server Name Indication).
I would choose D. Option C requires to configure SNI since it is not possible to bind 3 certificates (with the same cryptography) to a Load Balancer. In addition, the statement mentions that the three websites are serving the same content, so the backend servers could be the same for all of them and then the SNI config stops making sense. By binding a multiple SAN certificate, we only need to adapt the DNS entries of the websites to point to the same IP (1 IP with 3 DNS) and we will be able to forward the requests to any backend server since all of them are serving the same content.
C and D are viable, C is quicker since admin has the certs created, D would require a brand new one
C because the simplest one, the others you require CS, SNI,etc
I would choose A As It says here: https://support.citrix.com/article/CTX110670/how-to-use-a-wildcard-certificate-to-host-multiple-secure-sites-on-a-single-ssl-virtual-ip-address-of-the-netscaler-appliance
A wildcard is still bound to a domain, aka <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bcddd2c5d4d3cfc8fcd8d3d1ddd5d292dfd3d1">[email protected]</a>. In this case the domains are .com, .net, etc.