We are busy setting up NetStorage on our Cluster and one of the
requirements is that we using a Thawte/Verisign SSL certificate for
the domain netstorage.domain.com.

I am just curious if I will need to purchase a SSL certificate for
each server we will allowed the resource to run on. I ideally only
want to buy the one cert for the DNS entry of the resource.

Creating the NDSPKI:KeyMaterial seems to put the physical server name
in the CSR request. Is there a better way to do this, as surely the
cert is only needed for the apache/tomcat resource?

Any help would be greatly appreciated.