Hello! This is my first question.
So we are planning on installing the Frame VDI product, and using the SGA (Streaming Gateway Appliance) on the DMZ, as the Web Application Proxy that authenticates with our ADFS server. And I’m wondering about the public SSL certificates needed. We are being told by Nutanix that “You will need a wildcard cert for a subdomain off of your main domain. So a cert for something like *.sga.pha.phila.gov”. I’ve asked for more clarification, and my rep doesn’t seem to know.
So what I am wondering is: do I need to get a public certificate for my internal ADFS server in that same “sga.” sub-domain? i.e., adfs.sga.pha.phila.gov.
What’s really throwing me is that the ADFS server’s FQDN is for our AD domain, which isn’t the same as our public domain name, of course. I’m guessing if I get a certificate for that server in a name that isn’t part of our internal DNS, I need to make a DNS alias for it. And what SANs (Subject Alternative Names) do I need to include in the CSR?
So how do I go about this? How did YOU go about this? I need the certificates before I can install the SGA (the documentation says). So I need to know how to generate a CSR.
Thanks for any insight.