LDAP certificate and profile with Clusterconfig

michelegarribba
Level 1

Hi all,

 

 

I have a problem with LDAP checking for incoming email in clusterconfig.

It seems that after building the clusterconfig, it only uses the LDAP certificate of the cluster creator ESA, causing all LDAP checks on the secondary ESA to drop with LDAP error. Unable to process message 37030. Message requeued.

Is this possible? What should be the correct LDAP configuration when config-clustering ESA?

Thanks all

smaikol

Accepted Solutions

Nasir Abbas
Cisco Employee

Hello Michele,

When a new machine joins the cluster, all existing config is replaced.

In regard to cluster and certificates, you have the following two options:

1. Get a SAN or wildcard cert which can be used at cluster level.

2. If you already have machine / host specific certificates, then move the certificate config to machine level.

The precedence of config for an appliance in a cluster is Machine -> Group -> Cluster, high to low respectively.

For the second option, please do the following:

GUI -> Network -> Certificates

Click Manage Configuration

Create a new machine-level config of certificates for all appliances in the cluster

Install the certificates

NOTE: Keep the name of the certificate the same

Submit and commit.

If you have any further issues, please feel free to open a case with TAC.

 

Thanks

Nasir Abbas
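
As an added example (not part of the replies above and not Cisco code): one way to check which of the two options fits, by testing whether a certificate's SAN DNS names cover every cluster member's hostname. The hostnames are constructed, and the wildcard rule used (leftmost label only, exactly one label deep) is the usual RFC 6125 convention, assumed here.

```python
"""Added example: can one certificate sit at cluster level, or is machine level needed?"""

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' only as the whole leftmost label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard needs at least two fixed labels after it (rejects '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered_members(san_dns_names, cluster_hosts):
    """Return the cluster members whose hostname no SAN entry covers."""
    return [h for h in cluster_hosts
            if not any(san_matches(s, h) for s in san_dns_names)]

def placement(san_dns_names, cluster_hosts):
    """'cluster' if the one cert serves every member, otherwise 'machine'."""
    return "machine" if uncovered_members(san_dns_names, cluster_hosts) else "cluster"

# Constructed sample data (hypothetical hostnames, not taken from the thread).
CLUSTER = ["esa1.mail.example.com", "esa2.mail.example.com"]
HOST_CERT = ["esa1.mail.example.com"]        # cluster creator's host-specific cert
SAN_CERT = ["esa1.mail.example.com", "esa2.mail.example.com"]
WILDCARD_CERT = ["*.mail.example.com"]
SHALLOW_WILDCARD = ["*.example.com"]         # wildcard one label too shallow

if __name__ == "__main__":
    for name, sans in [("host", HOST_CERT), ("san", SAN_CERT),
                       ("wildcard", WILDCARD_CERT), ("shallow", SHALLOW_WILDCARD)]:
        print(name, placement(sans, CLUSTER), uncovered_members(sans, CLUSTER))
```

A result of "machine" corresponds to option 2 in the answer: the certificate config has to be overridden per appliance, because the cluster-level certificate does not name every member.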

 

 

 

 

 


2 Replies

Hi Nasir,

 

Thanks a lot for your info. Can I use this procedure for the cluster certificate?

http://enterpriseit.co/ironport/how-to-setup-ssl-certificate-on-ironport/

Should I remove the 2nd ESA and add it again and THEN create the certificate? Should I remove the single endpoint certificate?

Thanks,

smaikol