Security

Reply
Highlighted
Regular Contributor I

Linking a Subscriber to a Publisher - self-signed HTTPS cert

Hello,

 

We have been trying to link a Subscriber to a Publisher , but it has been failing. I think this is because there was no HTTPS cert on the Publisher. I have now created a self-signed one (for testing purposes) but how do I now make the Subscriber accept this cert? What do I need to add to the Trust List on the Subscriber to make it accept the self-signed cert? Or is the only way to do this by using a non-self signed cert?

 

Thanks,

 

 

MVP Expert

Re: Linking a Subscriber to a Publisher - self-signed HTTPS cert

Are you still getting any error message after installing https self signed certificate while joining subscriber server to the cluster?

 

 

 

 

 

 

 

 


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor I

Re: Linking a Subscriber to a Publisher - self-signed HTTPS cert

Hi,

 

Yes, so I see this:

 

"Failed to verify the HTTPS Server Certificate of host 131.111.10.194. The CA certificate chain that signed the server certificate should be in the in the Trust List of this host."

 

Which makes sense, I just don't know how to add the root CA cert of the Publisher to the Subscriber Trust list

Occasional Contributor I

Re: Linking a Subscriber to a Publisher - self-signed HTTPS cert

You should have two options here,

1) install the certificate which "signed" the request to the subscriber

2) use 

cluster make-subscriber -b -V -i <ip-addr of publisher>  

-b should backup the running configuration, -V should force it and ignore ther certificate error 

 

/edit:

i corrected my code, "-f" is not an option, "-V" is.

 

hth,

Regular Contributor I

Re: Linking a Subscriber to a Publisher - self-signed HTTPS cert


@kainzjoh wrote:

You should have two options here,

1) install the certificate which "signed" the request to the subscriber

 

2) use 

cluster make-subscriber -b -f -i <ip-addr of publisher>  

-b should backup the running configuration, -f should force it and ignore ther certificate error 


I don't know how to get the Publisher's cert onto the subscriber.

 

Option 2 worked with a minor adjustment, replacing -f with -V

 

Thanks for your help. I'd still like to understand the self-signing process better but this looks like it has worked so that's great.

Regular Contributor I

Re: Linking a Subscriber to a Publisher - self-signed HTTPS cert

It seems like rather than creating a self-signed cert I actually want to create a cert signed by the Publisher, and have the Publisher's cert on the Trust list on the Subscriber, but I'm not clear on how to do either of those things.

Frequent Contributor I

Re: Linking a Subscriber to a Publisher - self-signed HTTPS cert

- Create the cluster by adding the subscriber node

- Import the certificate into the trust list

- Import the certificate into the node on which the CSR was done

- Export the certificate

- Import the pkcs12 encoded certificate into the other node

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: