
Applying the same device certificate on 2 separate SA6500 clusters

dfry_
Occasional Contributor

Applying the same device certificate on 2 separate SA6500 clusters

Hello,

I have two separate SA6500 active/active clusters, and need to apply the same certificate to both. We know this works because we currently use a single certificate on both. I believe that we were in a single cluster configuration when this was first set up so it was automatically propagated. I have installed a new 2048-bit cert on one cluster and it works fine, however I can't figure out how to apply it to the 2nd cluster. If I do another CSR, it of course does not match the cert and fails the import. If anyone can help with this it would be greatly appreciated.

dfry

srigelsford_
Contributor

Re: Applying the same device certificate on 2 separate SA6500 clusters

You need to import the certificate and key.

If you created your cert on the first SA using a CSR then you will not be able to see your key and I do not believe that there is a way to recover it.

You'll need a Unix system with OpenSSL to generate a new key and CSR that you can import into both SAs.

Sam.

JNCIS-FWV JNCIS-SSL JNCIS-ER JNCIS-SEC

dfry_
Occasional Contributor

Re: Applying the same device certificate on 2 separate SA6500 clusters

Thanks Sam. I'm looking into getting the CSR and key generated per your recommendation. Do I need to install the cert on the Unix box and then export it with the private key, or just import the new cert with a separate private key file?

Dan

srigelsford_
Contributor

Re: Applying the same device certificate on 2 separate SA6500 clusters

OpenSSL will output 2 files, the CSR and the KEY.

Keep the key safe, send the CSR to your Certificate Authority.

Your CA will send you the completed certificate back.

Import the certificate, and the key that you kept safe into both SAs (they will be two separate files) and voila.

No need to install anything onto your linux server, it just creates the key and CSR.

Cheers,
Sam.
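The key-and-CSR workflow Sam describes, as an added example that is not from this thread or from Juniper: it generates the key and CSR with OpenSSL and, because the original problem was a cert that did not match its key, includes a modulus check to run on the returned certificate before importing the pair into either cluster. File names and the subject are constructed placeholders; the self-signing step only stands in for the CA so the check can be run offline.

```shell
#!/bin/sh
# Added example, not from the thread: generate one private key and CSR with
# OpenSSL, and check that the certificate the CA returns really belongs to that
# key before importing the pair into each SA cluster. File names and the
# subject are constructed placeholders.
set -eu

# 1. One 2048-bit RSA key plus a CSR. The key stays on this host until you
#    import it (together with the cert) into both SAs; -nodes leaves it
#    unencrypted on disk, so restrict its permissions immediately.
gen_key_and_csr() {
    key=$1; csr=$2
    openssl req -new -newkey rsa:2048 -nodes -keyout "$key" -out "$csr" \
        -subj "/C=US/O=ExampleOrg/CN=vpn.example.com" 2>/dev/null
    chmod 600 "$key"
}

# 2. Stand-in for the CA so the check below can run offline: self-sign the CSR.
#    In practice the CSR goes to the CA and the signed certificate comes back.
self_sign() {
    csr=$1; key=$2; crt=$3
    openssl x509 -req -in "$csr" -signkey "$key" -days 1 -out "$crt" 2>/dev/null
}

# 3. A certificate and key belong together only if their RSA moduli match;
#    a mismatch is what the SA import rejects when the CSR came from a
#    different key (for example a second CSR generated on the other cluster).
cert_matches_key() {
    crt=$1; key=$2
    c=$(openssl x509 -noout -modulus -in "$crt" | openssl sha256)
    k=$(openssl rsa  -noout -modulus -in "$key" 2>/dev/null | openssl sha256)
    [ "$c" = "$k" ]
}
```

Run `gen_key_and_csr sa.key sa.csr`, send `sa.csr` to the CA, then `cert_matches_key returned.crt sa.key` before importing both files on each cluster.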

zanyterp_
Respected Contributor

Re: Applying the same device certificate on 2 separate SA6500 clusters

Save the system.cfg from the node with the 2048-bit certificate; import this into the other cluster node through the certificate import interface.


Please note: if using FIPS, you need to do this through the system.cfg import interface and choose the options for importing the certificate and security world through the GUI. Once that completes, you will need to complete the installation through the console (with all your passwords and miscellany requirements of using FIPS).

srigelsford_
Contributor

Re: Applying the same device certificate on 2 separate SA6500 clusters

*Face Palm moment*

I don't know why I didn't think of that!

dfry_
Occasional Contributor

Re: Applying the same device certificate on 2 separate SA6500 clusters

Thanks to everyone for their responses.

What I ended up doing was using the Import/Export function under Maintenance and selecting Import Device Certificates and Import Only Device Certificates on the 2nd cluster to copy just the certificates from the config file of the first cluster. This worked perfectly and both clusters are now using the new single device certificate in production.

Thanks .. Dan

zanyterp_
Respected Contributor

Re: Applying the same device certificate on 2 separate SA6500 clusters

Glad to hear it worked successfully for you :)