Hello, I have a question about certificates. Is it possible to use 1 certificate for an HA cluster?
Background: At the moment, we are running the 100D as an HA system (Active - Passive). We have certain scripts working on PLink. Frequently, one of the two Internet lines is offline or the interfaces are too sensitive to short downtime (millisecond range); at least the Master is then restarted. If this is the case, the scripts no longer work, since the hash key has changed, because the slave is up. We would like to have 1 certificate for both systems so this does not happen anymore.
Is this possible?
Regards
Hi,
Not sure about the certificate's role here.
But isn't SSH key authentication for the admin running those scripts what you are looking for?
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=11985
Best regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
You can import the same certificate on both HA members to avoid this scenario. I wonder why the cert isn't mirrored onto the slave in HA.
@Tomas: the SSH login thing is different but...the imported private key is mirrored to the slave member immediately. You will only notice after a failover or when using the local mgmt address.
Ok, I will try it. Thanks for the replies.
Regards