Upload certificates for SSL in Box-to-Box redundancy

Answered Question
Aug 14th, 2009

Hello,

as for the configuration replication I use the commit_redundancy script, but how can I synchronize the certificates between the two boxes?

Do I have to do it independently in the two boxes? Can somebody give some detailed steps?

Thanks in advance,

Ruben

Correct Answer
Gilles Dufour Fri, 08/14/2009 - 02:24

Ruben,

this needs to be done manually.

You have to import the certificates on each box separately.

There is no synchronization of the files.

Gilles.

jason.espino Sun, 08/16/2009 - 20:14

Hello Ruben,

As Gilles mentioned, you would have to import the SSL files to each CSS. This can be accomplished with rcmd (remote commands) run on the primary/master CSS.

#1. Ensure the SSL files you wish to import to the secondary CSS are already on the primary CSS.

#2. Create an FTP record with the APP session IP address of the primary/current master CSS.

ftp-record FTP username "password"

#3. Export the SSL files directly on the primary CSS using the new FTP record created. Doing this will place the SSL files in the FTP directory on the primary/master CSS which would allow the secondary/backup CSS to import the files.

copy ssl ftp export rsacert.pem "password used to import file"

#4. Once the files have been successfully exported on the primary/master CSS, sync the configurations. You will still get the error message stating the new SSL files are not on the secondary/backup CSS; however, doing this will create/place the new FTP record you have just created on the secondary/backup CSS.

#5. Now import the SSL files to the secondary/backup CSS using rcmd commands on the primary/master CSS.

rcmd "copy ssl ftp import rsacert.pem PEM 'password'"

Once completed and both the rsacert/key have been imported to the secondary/backup CSS, you can sync the configurations again and should not receive an error. For this to work properly, ensure both CSSs are not restricting FTP connections and rcmd commands are enabled.

no restrict ftp

I hope this info helps you out!

Jason Espino
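
An added example, not part of the original thread and not Cisco tooling: because the two boxes do not synchronize certificate files, this compares the certificates held for each box by DER fingerprint, so a renewal applied to only one side is caught. It assumes you keep plaintext PEM copies of the files imported on each box; the file names other than rsacert.pem and all sample contents are constructed.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 of the DER bytes of each certificate in a PEM file, in order."""
    # Hash the decoded DER, not the file bytes, so CRLF/LF or line-wrap
    # differences between the two copies do not show up as a mismatch.
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_CERT.findall(pem_text)]

def compare_boxes(primary, secondary):
    """Map each file name to a status; inputs are {file name: PEM text} per box."""
    report = {}
    for name in sorted(set(primary) | set(secondary)):
        if name not in secondary:
            report[name] = "missing on secondary"
        elif name not in primary:
            report[name] = "missing on primary"
        else:
            a = cert_fingerprints(primary[name])
            b = cert_fingerprints(secondary[name])
            if not a or not b:
                report[name] = "no certificate found"
            else:
                report[name] = "in sync" if a == b else "MISMATCH"
    return report

def make_pem(der, newline="\n"):
    """Build a PEM block around constructed bytes (sample data, not a real cert)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return newline.join(["-----BEGIN CERTIFICATE-----", *lines,
                         "-----END CERTIFICATE-----", ""])

# Constructed sample: the secondary holds an old rsacert.pem and lacks one file.
OLD, NEW, CHAIN = b"old-cert" * 20, b"new-cert" * 20, b"chain-cert" * 20
PRIMARY = {"rsacert.pem": make_pem(NEW), "chain.pem": make_pem(CHAIN),
           "extra.pem": make_pem(NEW)}
SECONDARY = {"rsacert.pem": make_pem(OLD), "chain.pem": make_pem(CHAIN, "\r\n")}

if __name__ == "__main__":
    for name, status in compare_boxes(PRIMARY, SECONDARY).items():
        print(f"{name}: {status}")
```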
