Security

I will be changing the HTTPS certificates (ie update expiration date) on all nodes in a CPPM cluster.

1. While I am updating the certificates, will the subscriber nodes stop  responding to RADIUS requests?  I would expect the nodes to continue operating normally as long as the root CA certificate or certificate chain does not  need to change.

2. After the certificates are all installed, will the cluster continue to operate as before without futher configuration?

Thanks.

so your changing just the HTTPS cert, your not touching the RADIUS cert?

Correct, I am not touching the RADIUS cert. My question was based on the assumption that the nodes in the cluster establish trust using the HTTPS cert. After further reading, I now believe that trust is based on the RADIUS certificate which means no impact when I change the HTTPS cert. I would appreciate your verification.
Thanks.

1. While I am updating the certificates, will the subscriber nodes stop  responding to RADIUS requests?  I would expect the nodes to continue operating normally as long as the root CA certificate or certificate chain does not  need to change.

There is a HTTPS certificate and a RADIUS certificate on each node, in your case, you are replacing the HTTPS certificate, which won't affect in any matter RADIUS authentication using EAP-TLS or EAP-PEAP.

Replacing HTTPS certificate will have effect on the Management of the nodes and also Captive Portal. If you are unsure and have a backup/lab node, start with it and test your cert to make sure it's working.

2. After the certificates are all installed, will the cluster continue to operate as before without futher configuration?

Thanks.

Yes :)

Hi Overclock,

Thank-you for your reply.  It was very helpful.