Active/Passive Cluster - which ports for certificate?

Peter_B_
New Contributor

Hello,

I've got an active/passive cluster of 2 SA4500FIPS boxes. I generated a CSR and have received the certificate from the certificate authority. I'm not 100% sure which ports to put the certificate on, though. I have the choice of physical internal and external ports or the internal and external VIPs.

I've read the following article, http://kb.pulsesecure.net/KB9686, which says that for an active/passive cluster you should put the certificate on the VIP, but it doesn't mention anything about the physical ports.

If I put the certificate on the VIPs then it should work for anyone connecting to the VIP address, but what if I connect to one of the real IP addresses? It would give a certificate error, wouldn't it? Should I put the certificate on the real ports as well? If so, then what's the point of putting it on the VIPs?

Thanks,

Pete.

rvi_
Occasional Contributor

Re: Active/Passive Cluster - which ports for certificate?

Bind the cert to both external/internal interfaces on the master. When the passive node joins, the settings will sync across.

In short, a certificate is associated with a DNS name; hence all nodes/interfaces in the cluster will use the same cert unless you have special requirements.
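
The name check both posts refer to, as an added example that is not part of the original thread: a TLS client compares the name or address it connected to against the certificate's subjectAltName entries, so the result depends on how the user reaches the cluster, not on which port the certificate is bound to. The host name and the 192.0.2.x addresses are constructed placeholders, and the SAN list stands in for the entries of the issued certificate.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    """RFC 6125-style match: '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(san, target):
    """san: list of ("DNS", name) or ("IP", address) entries from the certificate."""
    if _is_ip(target):
        # A connection made by address matches only an iPAddress SAN, never a DNS name.
        t = ipaddress.ip_address(target)
        return any(k == "IP" and ipaddress.ip_address(v) == t for k, v in san)
    return any(k == "DNS" and dns_match(v, target) for k, v in san)

def audit(san, endpoints):
    """Map each way of reaching the cluster to whether the certificate covers it."""
    return {label: cert_covers(san, target) for label, target in endpoints.items()}

# Constructed sample data: one certificate issued for the cluster's DNS name.
SAN = [("DNS", "vpn.example.com")]
ENDPOINTS = {
    "external VIP by name": "vpn.example.com",
    "external VIP by address": "192.0.2.10",
    "node 1 external port": "192.0.2.11",
    "node 2 external port": "192.0.2.12",
}

if __name__ == "__main__":
    for label, ok in audit(SAN, ENDPOINTS).items():
        print(f"{label:26} {'OK' if ok else 'name mismatch warning'}")
```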