cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
HoaNguyen
Level 7
Report Inappropriate Content
Message 1 of 3
‎04-06-2022 12:33 AM

Lost Cluster CA, how to recover it?

Hi support team, We have the MWG cluster with many nodes and going to add the new node. Unfortunately, we have no exported Cluster CA in our hand so I can not add to new node and join to cluster. Is there anyway to recover it? Or generate the new CA without any impact? Thanks.
0 Kudos
Reply
2 Replies
jacek
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 3
‎05-11-2022 01:22 AM

Re: Lost Cluster CA, how to recover it?

Login over SSH to one of existing Cluster nodes.

You should check, where is your current configuration. Full path to current configuration in inside file: /opt/mwg/storage/active_configuration

cat /opt/mwg/storage/active_configuration

Change directory to current configuration:

cd `cat /opt/mwg/storage/active_configuration`

Enter "cfg" subdirectory:

cd cfg

Find file, where Cluster CA certificate is stored (switch for grep command is lowercase "L" letter):

grep -l "Cluster CA certificate" com.scur.engine.*

Grep command will return filename, where Cluster CA certificate is stored, eg:

com.scur.engine.sslclientcontext.1064.xml

CA certificate is in line starting with:

<configurationProperty key="CACert"

Key for this certificate is in line, but keep in mind, that this key is probably stored in encrypted form, so you cannot recover them to readable format:

<configurationProperty key="CAKey"

 

The values for CACert and CAKey are merged to one line. Replace "&#xd;&#xa;" to a new line.

 

But probably creating a backup of existing configuration and restoring it to a new node, should restore also Cluster CA certificate with a matching key.

0 Kudos
Reply
Bradlee_Cox
Level 9
Report Inappropriate Content
Message 3 of 3
‎05-11-2022 05:40 AM

Re: Lost Cluster CA, how to recover it?

If you generate a new Cluster CA on one of the clustered members, they all get updated with that Cluster CA at the time of creation. 

You can then use the new Cluster CA to add a new device to the cluster.

 

This saves you from needing to securely save a cluster CA forever.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC