Hi Dears
I want to make cluster of expressway e & c , for the C servers, i done have any problem, and they clustered, but when i want to cluster the e servers, they can't cluster together, and it showing error on cluster of expressway e:
certificate: invalid
clustering:failed
they are same version and they have same option keys and i generate certificate with cluster fqdn name and peer1 fqdn name and peer 2
i set a record dns for cluster name and two expressways in internal dns
i don't know what's the problem
If you test name resolution on the Es can they resolve all the names in your cluster configuration?
What about the cluster members names, can Es resolve them? I’ll have to check the configuration guide, but I’m fairly certain that the cluster name should not resolve to both the IPs of what I assume is your Es public IPs. If it would be the internal and external IPs that resolve then your not doing this correctly.
The configuration guide for how to form a cluster is pretty well written. Have a read though and try again, it shouldn't be to hard to get the cluster formed if you follow the outline.
You have two mode on expressway clustering page for TLS. Permissive and enforced. Use permissive till you have a proper certificate. Once certificates are as per requirement then change it to enforced.
You can follow the below link to generate proper csr for your cluster.
https://video.cisco.com/video/5809964179001
