SSL Certificate for Web Administrative Interface in a Cluster

Hello,

We have 2 LM-2200 in HA mode and would like to replace the self-signed cert.

- import the cert per shared ip address --> ok

- reach the shared ip --> new cert is used --> fine

- when I reach the currently active LM-2200 directly --> the new cert is used --> fine

- when I reach the second, standby machine --> the self-signed cert is used

- so we switch the second machine as active --> set the new cert by shared ip

- when I reach the machine directly --> the self-signed cert is still used

How can I, or why can I not, set the second LM-2200 machine to use the right cert?

Firmware version is (loadmaster01:172.20.17.100) Configuration

Vers:7.1.34.1.12802.RELEASE

Thanks.

Best regards

Daniela

4 comments

Mark Deegan

Hello Daniela,

You will need to import the cert for use for the second device as well. Importing it on the first device only allows that device to use that cert. Device certs are not shared in HA, only VIP certs are shared.

Regards

Mark

d.thost

Hi Mark,

Thanks. But how can I import the cert on the device? Currently I only see that this is possible by shared IP. But when I import the device and click to use it, the device itself uses the self-signed cert.

Best regards

Daniela

Mark Deegan

Hi Daniela,

The easiest way to do this is to fail over to the second device in the HA pair and then re-install the cert under "Certificates & Security" and select the Administrative certificate to use.

Regards

Mark

d.thost

Hi Mark,

Yes, I did so, but it doesn't work. I set the certificate for the first active device and it works. I made a failover, imported the cert again and used it as the administrative certificate, but this device doesn't use the new cert.

Should I open a support request?

Thanks!

Daniela
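To confirm which certificate the shared IP and each unit's own address actually serve after an import or failover, the script below compares the SHA-256 fingerprint of the certificate each address presents against the imported certificate file. It is an added example, not part of the thread and not vendor tooling; the function names, port 443 for the administrative interface, and a PEM file holding only the leaf certificate are assumptions.

```python
import hashlib
import socket
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate a host presents, without validating it.

    Validation is skipped on purpose: a unit still serving the self-signed
    certificate would fail the handshake before it could be identified.
    The result is only compared to a known fingerprint, never trusted.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def audit(expected_pem: str, addresses, fetch=fetch_der) -> dict:
    """Map each address to 'match', 'mismatch' or 'error: <reason>'."""
    want = fingerprint(ssl.PEM_cert_to_DER_cert(expected_pem))
    report = {}
    for addr in addresses:
        try:
            got = fingerprint(fetch(addr))
        except OSError as exc:  # covers ssl.SSLError and socket timeouts
            report[addr] = f"error: {exc}"
            continue
        report[addr] = "match" if got == want else "mismatch"
    return report


if __name__ == "__main__":
    # usage: script.py imported-cert.pem SHARED_IP UNIT1_IP UNIT2_IP
    with open(sys.argv[1]) as fh:
        results = audit(fh.read(), sys.argv[2:])
    for addr, status in results.items():
        print(f"{addr}: {status}")
    sys.exit(0 if all(s == "match" for s in results.values()) else 1)
```

A `mismatch` on a unit's own address while the shared IP reports `match` is the situation described in this thread.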