07-17-2021 12:01 AM - edited 07-17-2021 12:02 AM
According to the Cisco guide, if 'use tls certificates' is the only option checked off, then you must exchange tomcat certs between the publisher of the hub and spoke cluster.
Recently in my lab server the tomcat cert expired, and I had uploaded a new CA cert on both hub and spoke a month back, and still I can see the ILS last contact time updating without any issues. Please see the screenshots below. Below is the cert of the hub cluster with the expiry.
Below is the list of certs in the spoke cluster with hostname: edipvluccmlab01 tomcat-trust list. The cert that I have of the hub cluster is an expired one.
Below is the snapshot of the ILS configuration from the spoke cluster; you can see I've just the TLS certificate check box ticked.
I was expecting it to show like below, which is from another cluster.
07-17-2021 03:49 AM
Looks like you use CA signed certificates. With this your CM nodes will have the CA root and if applicable intermediate certificates in the tomcat trust store and with this you don’t need to exchange the tomcat certificate between your nodes.
07-17-2021 03:55 AM
That is applicable when you have both 'use TLS certs' and 'use password' checked off, not when you have just the 'use TLS certificates' option checked off.
07-17-2021 08:16 PM
Since the ILS should have broken logically, I thought to restart ILS and see what happens, and as soon as I restarted ILS, the connection broke.
I've finally opened a TAC case, and they have asked for logs to find out the cause of this behavior.