2 Replies Latest reply on Apr 26, 2013 8:53 AM by itsec

    Cluster CA

    itsec

      Hi, my product guide doesn't mention what a cluster CA is. I've seen this post but am not really any wiser! https://community.mcafee.com/message/215959#215959

      Is there any up-to-date documentation on this?

       

      At present I have a cluster of 5 proxies in different geographic locations.

      I created a user interface cert for each of them and also a sub-CA based on our internal Windows CA for each one.

       

      Do I need the cluster CA?

      Does it negate the need for creating a sub-CA on each proxy?

       

      Many thanks

        • 1. Re: Cluster CA
          Jon Scholten

          The cluster CA is what allows each of the nodes in the cluster to communicate with each other (on port 12346). Each node shares the same cluster CA. If you change this, then you would need to import it on any new node prior to joining it to the cluster, otherwise joining will not work.

           

          The "Cluster CA" should not be confused with the user interface certificate or the SSL scanning CA. The Sub CA you have has been imported under Policy > Settings > Engines > SSL client context with CA; each node already shares this setting.

           

          In the end, the cluster CA is not something that you should need to change, nor is it a user-related item.

           

          Best,

          Jon

          • 2. Re: Cluster CA
            itsec

            Thanks for clearing that up, Jon. I won't touch it then.