9.2 Using Internal Certificates in a Cluster

Recent versions of Novell Certificate Server create default certificates that allow you to specify an alternative IP address or DNS address by adding it in the Subject Alternative Name extension. This requires that your DNS service be configured to reflect the cluster IP/DNS address as the default (or first) address. If the DNS service is set up correctly, the cluster applications can use the default certificates without needing any administration.

IMPORTANT:If the DNS service is not set up correctly, then you must use the process described for external certificates in Using External Certificates in a Cluster.

For OES 2 Linux clusters using the internal certificate method, ensure that the DNS service is configured to use the cluster IP/DNS address. During the OES 2 Linux install, select the Use eDirectory Certificates option so that Novell Certificate Server automatically creates the SSL Certificate DNS certificate with the correct IP/DNS address. By selecting the Use eDirectory Certificates option during the install and using the cluster IP/DNS address, clustered applications should be able to access the certificates without needing further configuration for the Server Certificate object.