cancel
Showing results for 
Search instead for 
Did you mean: 
dbottino
Level 9

Roll out a Certificate Authority for 3 MWG clusters

Jump to solution

Hi All,

I have 3 different Clusters of MWG and we need to roll out a Certificate Authority trust for SSL Client Context. We would  use GPO  to import certificates into Internet Explorer certificate store of our clients.

To do this we will refer to this article: https://community.mcafee.com/docs/DOC-5222

My question is:

we need to rollout 3 different Certification Authority ( for each cluster) or is it possible to rollout one CA  and use it on all clusters, for example importing  the CA into the other two cluster?

if yes, someone can explain me how to do that?

thanks a lot

kind regards

Daniele

0 Kudos
1 Solution

Accepted Solutions
asabban
Level 17

Re: Roll out a Certificate Authority for 3 MWG clusters

Jump to solution

Hey Daniele,

I wonder if we are talking about the same thing. You want to import the Root CA for the SSL Scanner -> Set Client Context, e.g. the certificate which is used to sign the server certificates MWG creates when SSL Scanner is enabled and a user accesses an HTTPS website, right?

If so you will have the CA you want to import a two files, the certificate, the private key and most likely a passphrase. Now go to any node of a MWG cluster, open the SSL Scanner rule set, open the Enable Client Context setting, click import and provide the information MWG requires, e.g. the certificate, key and passphrase. Click Save Changes and the CA will be used on all nodes of this central management cluster from now on.

Do the same thing on all clusters (=Central Management) you have.

If you are talking about something else please let me know :-)

Best,

Andre

0 Kudos
4 Replies
asabban
Level 17

Re: Roll out a Certificate Authority for 3 MWG clusters

Jump to solution

Hello,

you can roll out a single certificate authority into as many clusters as you want. There is no need to have a separate CA for each cluster.

Best,

Andre

0 Kudos
dbottino
Level 9

Re: Roll out a Certificate Authority for 3 MWG clusters

Jump to solution

Thanks Andre, in which way? is it possible via GUI?

Daniele

0 Kudos
asabban
Level 17

Re: Roll out a Certificate Authority for 3 MWG clusters

Jump to solution

Hey Daniele,

I wonder if we are talking about the same thing. You want to import the Root CA for the SSL Scanner -> Set Client Context, e.g. the certificate which is used to sign the server certificates MWG creates when SSL Scanner is enabled and a user accesses an HTTPS website, right?

If so you will have the CA you want to import a two files, the certificate, the private key and most likely a passphrase. Now go to any node of a MWG cluster, open the SSL Scanner rule set, open the Enable Client Context setting, click import and provide the information MWG requires, e.g. the certificate, key and passphrase. Click Save Changes and the CA will be used on all nodes of this central management cluster from now on.

Do the same thing on all clusters (=Central Management) you have.

If you are talking about something else please let me know :-)

Best,

Andre

0 Kudos
dbottino
Level 9

Re: Roll out a Certificate Authority for 3 MWG clusters

Jump to solution

Thanks Andre,

yes  is right!

thanks a gain

Daniele

0 Kudos