Xris76
New Member
March 30, 2017
Question

Fortinet Plink


Hello, I have a question about certificates. Is it possible for me to use 1 certificate for an HA cluster? Background: At the moment, we are running the 100D as an HA system (Active - Passive). We have certain scripts working on PLink. Frequently, one of the two Internet lines is offline, or the interfaces are too sensitive to short downtime (millisecond range); at least the master is then restarted. If this is the case, the scripts no longer work, since the hash key has changed, because the slave is up. We would like to have 1 certificate for both systems so this does not happen anymore.

Is this possible?

Regards


    xsilver_FTNT
    Staff
    March 30, 2017

    Hi,

    Not sure about the certificate's role here.

    But isn't SSH key authentication for the admin running those scripts what you are looking for?

    http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=11985

    Best regards,

    Tomas

    ede_pfau
    SuperUser
    March 30, 2017

    You can import the same certificate on both HA members to avoid this scenario. I wonder why the cert isn't mirrored onto the slave in HA.

    @Tomas: the SSH login thing is different but... the imported private key is mirrored to the slave member immediately. You will only notice after a failover or when using the local mgmt address.

    Xris76
    Author
    New Member
    March 31, 2017

    OK, I will try it. Thanks for the replies.

    Regards