Micro Focus Expert

UCMDB Support Tip: Certificates For Multiple Servers

Scenario (architecture):

2 UCMDB servers, 2 probe servers and an F5 Load balancer.

 

Questions:

1. Does one install the same certificate on both UCMDB servers?

2. When exporting the UCMDB certificate to import it into the probes' HPProbeTrustStore.jks, does one import the same certificate into both probes?

3. For two-way authentication, does one export both probe certificates and install them into both CMDB trust stores (server.truststore)?

4. To enable cluster authentication between both CMDB servers, does one need a separate certificate, or will the certificate from point 1 suffice?

 

Answers:

1. No, each certificate has its own common name (CN). For TLS certificates, the CN must be the FQDN. Therefore, two certificates are required for two UCMDB servers.

2. Since the two UCMDB servers require two certificates, both certificates must be imported into the probe’s trust store. Remember to import the public keys of the two certificates.

3. As the Hardening Guide states … have to create a new client key store on each probe. This client certificate has to be imported into each of the UCMDB’s trust stores.

4. For cluster authentication, all UCMDB instances in the cluster use the same cluster key store, meaning the same public and private key of the certificate. Therefore, one should create a new certificate according to the Hardening Guide or request a signed certificate from the customer. The configuration of the load balancer is important.

The load balancer might need a certificate as well, and it needs to trust all certificates from all UCMDB instances (as well as the probes). The probes also need the certificate of the load balancer in their trust store.

MICRO FOCUS Software Support
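The trust relationships from the answers above can be checked mechanically. The following is an added example, not part of the original tip or of UCMDB: it audits an inventory of trust-store contents against those rules. The host names, the inventory layout, the fingerprint values and the idea of identifying a certificate by its owner's FQDN are all assumptions made for illustration.

```python
# Constructed topology: 2 UCMDB servers, 2 probes, 1 load balancer (names are placeholders).
UCMDB = ["ucmdb1.example.com", "ucmdb2.example.com"]
PROBES = ["probe1.example.com", "probe2.example.com"]
LB = "f5.example.com"

def required_trust():
    """Map each trust-store owner to the certificate owners it must trust."""
    # Probes trust every UCMDB server certificate plus the load balancer's.
    need = {p: set(UCMDB) | {LB} for p in PROBES}
    # Two-way authentication: every UCMDB server trusts every probe client certificate.
    need.update({s: set(PROBES) for s in UCMDB})
    # The load balancer trusts all UCMDB instances and the probes.
    need[LB] = set(UCMDB) | set(PROBES)
    return need

def audit(inv):
    """Return a list of findings; an empty list means the inventory matches the rules."""
    findings = []
    for host in UCMDB:
        # One certificate per server, with the CN equal to that server's FQDN.
        cn = inv[host]["server_cert_cn"]
        if cn.lower() != host:
            findings.append(f"{host}: server certificate CN is {cn}, expected the host FQDN")
    # Cluster authentication: every node uses the same cluster key store.
    if len({inv[h]["cluster_keystore_sha256"] for h in UCMDB}) != 1:
        findings.append("cluster: UCMDB nodes do not share one cluster key store")
    for owner, needed in sorted(required_trust().items()):
        for subject in sorted(needed - set(inv[owner]["trusted"])):
            findings.append(f"{owner}: trust store is missing the certificate for {subject}")
    return findings

# Constructed inventory with deliberate faults: ucmdb2 reuses ucmdb1's certificate,
# and probe2 was only partially configured.
SAMPLE = {
    "ucmdb1.example.com": {"server_cert_cn": "ucmdb1.example.com",
                           "cluster_keystore_sha256": "aa11", "trusted": list(PROBES)},
    "ucmdb2.example.com": {"server_cert_cn": "ucmdb1.example.com",
                           "cluster_keystore_sha256": "aa11",
                           "trusted": ["probe1.example.com"]},
    "probe1.example.com": {"trusted": UCMDB + [LB]},
    "probe2.example.com": {"trusted": ["ucmdb1.example.com"]},
    "f5.example.com": {"trusted": UCMDB + PROBES},
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

In practice the `trusted` lists would be filled from the contents of each trust store (HPProbeTrustStore.jks on the probes, server.truststore on the UCMDB servers) rather than typed by hand.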