Occasional Contributor II
Posts: 12
Registered: ‎12-24-2015

scep url as VIP FQDN

Anyone out there doing SCEP enrollment from an MDM? We have it working, but my concern is that the SCEP URL on the onboard CA is bound to the hostname of the appliance, NOT the VIP FQDN. We have two appliances clustered and set up for standby publisher failover. In the event of a failover to the standby publisher, the hostname will be different for the SCEP URL. Is the onboard CA smart enough to account for the change, or is there a way to reference the VIP FQDN instead?

 

Example: 

VIP FQDN: cpvip.domain.com
Clustered Host1: cp1.domain.com (publisher)
Clustered Host2: cp2.domain.com (standby publisher)

SCEP URL cannot be edited and is cp1.domain.com/guest/mdps_scep.php/2

If we fail over and promote cp2.domain.com to the publisher, it seems that SCEP enrollment would fail, so how do we make sure we point the SCEP request to the actual live publisher, since it does not use the VIP FQDN?

Guru Elite
Posts: 8,756
Registered: ‎09-08-2010

Re: scep url as VIP FQDN

Point the MDM SCEP URL at:

cpvip.domain.com/guest/mdps_scep.php/2


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480