When a new instance of Miranda is created the user(s) need to create a new Certificate Authority (CA). The CA can be self-singed or signed by a recognized authority like Verisign. The CA signs the certificate that a Miranda node is required to present upon joining the cluster.
This authenticates the server to the clients and validates a client wanting to join the cluster.
The clients need the CA's certificate so that when they communicate with the server, to publish a new event for example, they can establish an SSL connection. The other severs need the CA's certificate to verify other sever's certificates when a remote system tries to join the cluster.
The CA's certificate thus has to be added to all the client trustores as well as all the server trustores.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment