About multiple local certificates

In some instances, it might be desirable to install multiple local certificates that are used to identify the same host. There are several situations where this is useful:

Multiple local certificates are typically used to decentralize VPN management in larger networks. For instance, a VPN could be used to create a WAN (Wide Area Network) among three head offices of a multinational company. Each head office must be responsible for its own VPN links that connect its regional branches to its head office. Otherwise, the entire organization would rely on a single set of administrators in one country / time zone to prepare its certificates.

Using the example, each head office VPN gateway could utilize two local IDs (certificates):

The same concept can be applied to any situation where you want autonomous VPN management. To continue this example, many of the offices within one country need several road warrior users to connect to their local networks. In this instance, a branch office VPN gateway could utilize two local IDs (certificates):