SSL Certificate for the Web Administrative Interface in a Cluster

Hello,

I am coming to you because I have something that I cannot fix on a fresh install.

I just did this:

  • Fresh install of 2 VLM-5000 with configuration
  • Put them in a Cluster State
  • Access to the Web Interface working fine on the three ip addresses (LVM-1 / LVM-2 / LVM-HA)
  • Generate a CSR with the three names mentioned above, one in the CN (LVM-HA) and LVM-1 / LVM-2 in the SAN names
  • Ask for a certificate on our own PKI, based on the generated CSR
  • Import the certificate on the KEMP
  • Apply the certificate on the Administrative Certificate and each Local Machine, by switching the active node of the cluster from LVM-1 to LVM-2
  • I no longer have the Certificate Error Message when accessing LVM-1 and LVM-2 directly
  • I have the Certificate Error Message when connecting to LVM-HA -> that is the reason for my post.

We are not supposed to go to each LVM directly, we are supposed to administer the cluster by using the shared ip address.
I can reach the shared IP address by setting the shared IP address associated with the name LVM-1, for example, in our DNS.

If I do this, I no longer have the Certificate Error Message.

Is this the way to have access to the shared IP address, by using another name in the DNS? A name which is declared in the Certificate, of course?

Thanks for your help,

Regards,

Pierre-Yves

4 comments

Mark Deegan

Hello Pierre-Yves,

Have you logged in to the KEMP HA IP address and installed the cert from there?

regards

Mark

dtcsi

Hello Mark,

Yes, that is what I have done to import the cert.

I did this import under Certificates -> SSL Certificates

Under Administrative Certificates, it is chosen for Administrative Certificate and for the Local Machine.

It is working well for the Local Machine: if I access it directly it works, and it also works if I move to the other node by using its direct name.

There is only the issue with the shared HA IP address.

Thanks for your help.

Regards,
Pierre-Yves

gregg.mueller

Hello Pierre-Yves

Did you ever get this resolved? I am seeing the same behavior with LM-2400. I too created my CSR with the HA name for the common name and each physical host in the SAN.

Regards,

Gregg

dtcsi

Hello Gregg,

I have not found a solution, unfortunately...

I have left this subject aside.

If I find anything, I will let you know.

But I do not know when I will try to fix this.

Regards,

Pierre-Yves
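
An added example, not part of the thread and not Kemp code: a check of which names a certificate covers when the client follows RFC 6125 matching, where the CN is not consulted once the certificate carries DNS SAN entries. It is run over the CSR layout described in the first post and in Gregg's comment. That the issued certificate carries exactly those names and that the browser applies this rule are assumptions, as are the constructed certificate dicts and the function names.

```python
# Added example. Host names are constructed to mirror the thread.
# Certificates use the dict layout returned by ssl.SSLSocket.getpeercert().

THREAD_CERT = {  # HA name only in the CN, node names only in the SAN
    "subject": ((("commonName", "LVM-HA"),),),
    "subjectAltName": (("DNS", "LVM-1"), ("DNS", "LVM-2")),
}
ALL_SAN_CERT = {  # same CN, every name also listed as a DNS SAN entry
    "subject": ((("commonName", "LVM-HA"),),),
    "subjectAltName": (("DNS", "LVM-HA"), ("DNS", "LVM-1"), ("DNS", "LVM-2")),
}

def dns_sans(cert):
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for key, v in rdn if key == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive compare; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def covered(cert, host):
    """Return (matched, field_used). The CN is consulted only when the
    certificate has no DNS SAN entry (simplified from RFC 6125 section 6.4.4)."""
    sans = dns_sans(cert)
    if sans:
        return any(name_matches(s, host) for s in sans), "subjectAltName"
    return any(name_matches(c, host) for c in common_names(cert)), "commonName"

def uncovered(cert, hosts):
    """Names from `hosts` that a client applying the rule above would reject."""
    return [h for h in hosts if not covered(cert, h)[0]]

if __name__ == "__main__":
    names = ["LVM-HA", "LVM-1", "LVM-2"]
    print("thread layout, rejected:", uncovered(THREAD_CERT, names))
    print("all names in SAN, rejected:", uncovered(ALL_SAN_CERT, names))
```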