
Device Certificates vs. Clustering

SOLVED
Contributor

Quickie question from my faded memory:

Does a newly-installed Device Certificate (and its port assignments) propagate automatically to the standby unit in a cluster as part of configuration updating, or must the Device Certificate be installed and assigned to the Virtual Ports separately for each clustered unit?

Our cluster is active/standby, and the certificate in question is for a virtual IVE.

Thanks!

4 REPLIES
Contributor

Re: Device Certificates vs. Clustering

Dear Ken-J,

The certificate is associated with a domain name, so the certificate will be switched over to the backup device if the primary one fails, and everything works quite fine. :-)

regards

NULL

Contributor

Re: Device Certificates vs. Clustering

No, the certificate is not assigned to a domain name: in the IVE, the certificate is bound to a virtual port.

Juniper appears to have no documentation on this topic and my feelings about my attempt to obtain support are better left unwritten. The sometimes-cited KB article on this topic appears to have been revoked without replacement.

Frequent Contributor

Re: Device Certificates vs. Clustering

Yes, in an IVS setup newly installed certificates will be propagated across nodes.

Valid for both Active/Active and Active/Passive

Contributor

Re: Device Certificates vs. Clustering

This indeed turns out to be what we saw at certificate installation this morning: the certificate was installed in the primary and automatically propagated (along with its virtual port assignment) to the passive/secondary node.

Thanks!