In preparation for a talk I'm giving at DOSUG I'm going to post my thoughts as they develop. At this point, I'm filling in the gaps so things may skip around a lot.
By default, you define a new certificate authority when you install Miranda. The new certificate authority signs the certificates of all the Miranda nodes so that they can join the cluster.
When a node tries to join the cluster, it is asked to present a certificate. The cluster checks that the certificate is signed by the certificate authority before the node is allowed to join the cluster. When clients contact the system with the web interface, this is also the certificate that is used by SSL/TLS.
The certificate authority itself can be signed by something like Verisign or it can be self-signed. The default is to use a self-signed certificate. This allows people to take Miranda for a "test drive" without requiring them to get a certificate first.