8.3 Using External Certificates in a Cluster

To use external (third-party) certificates, create a Server Certificate object that includes the cluster's IP and/or DNS address. Create a backup of this certificate. For each server in the cluster, create a Server Certificate object with the same name by importing the previously created backup certificate and key pair to a location on that server. This allows all of the servers in the cluster to use and share the same certificate and key pair. After all cluster nodes have the certificate, configure the cluster applications to use the server certificate.

IMPORTANT: This cluster task can also be used for sharing internal certificates on the cluster nodes. In early versions of Certificate Server, this was the only option available.

For information about exporting and using eDirectory Server Certificates for External Services, see Using eDirectory Certificates with External Applications in the NetIQ Certificate Server Administration Guide.

The external certificate method is more complicated than using internal certificates. You must create the certificate for each server in the cluster just as you did for NetWare. You must also create a configuration on the SAS:Service object for each server so that the common certificate is automatically exported to the file system where the non-eDirectory enabled applications can use it.
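Once the common certificate has been exported on every node, the copies can be checked against each other. The script below is an added example, not part of the NetIQ documentation: it assumes the exported certificate and key are PEM files collected from each node and that OpenSSL 1.1.1 or later is installed. All file names, the DNS name and the IP address are constructed placeholders.

```shell
#!/bin/sh
# Added example: checks for a certificate shared by all cluster nodes.
# Names, addresses and paths are constructed placeholders (assumptions).

# SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeed only if every listed certificate file is the same certificate.
nodes_share_cert() {
    ref=$(cert_fingerprint "$1")
    [ -n "$ref" ] || return 1
    for f in "$@"; do
        [ "$(cert_fingerprint "$f")" = "$ref" ] || { echo "mismatch: $f" >&2; return 1; }
    done
}

# Succeed if the certificate matches the cluster DNS name ($2) and IP ($3).
cert_covers_cluster() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match' &&
    openssl x509 -in "$1" -noout -checkip "$3" | grep -q 'does match'
}

# Succeed if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the third-party one. Writes $1/cluster.key and $1/cluster.pem.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/cluster.key" -out "$1/cluster.pem" \
        -subj "/CN=cluster.example.test" \
        -addext "subjectAltName=DNS:cluster.example.test,IP:192.0.2.10" 2>/dev/null
}
```

A fingerprint mismatch means a node is still serving a different certificate, so clients will see certificate changes when the cluster resource moves to that node.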