Web Certificate with VRRP pair
Hello -
I am updating the Web Certificate on our AX1030s which are configured for VRRP. From reading the instructions this looks to be a simple process but there was no mention of what to do if your AX1030s are configured as a VRRP pair. If I install the new Web Certificate on the Active member of the VRRP pair will it replicate the cert to the Standby?
Or do I need to have two certs? One for the Active(ax1030-prd1) and one for the Standby(ax1030-prd2)?
Thanks,
John
I am updating the Web Certificate on our AX1030s which are configured for VRRP. From reading the instructions this looks to be a simple process but there was no mention of what to do if your AX1030s are configured as a VRRP pair. If I install the new Web Certificate on the Active member of the VRRP pair will it replicate the cert to the Standby?
Or do I need to have two certs? One for the Active(ax1030-prd1) and one for the Standby(ax1030-prd2)?
Thanks,
John
Tagged:
0
Comments
You can use aVCS to synchronize the configuration between the chassis pair. From the aVCS config guide:
In addition to individual device management and VCS configurations, the vMaster can also take care of the following operations
on vBlades:
• Synchronize configurations
• Synchronize certificates
• Synchronize keys
• Synchronize aFleX policies
• Synchronize black/white lists
• Synchronize code versions
I tried on my system by importing a certificate into vMaster and it was synchronized to vBlade system:
vThunder-Active-vMaster[1/2]#sh pki cer
Name: Test_Cert Type: certificate/key Expiration: Apr 14 21:31:48 2019 GMT [Unexpired, Unbound]
vThunder-Active-vBlade[1/1]#sh pki cert
Name: Test_Cert Type: certificate/key Expiration: Apr 14 21:31:48 2019 GMT [Unexpired, Unbound]
Regards.