Configuring Directory authentication in a cluster environment - Security Center 5.9

Security Center Installation and Upgrade Guide for Windows Cluster 5.9

Series: Security Center 5.9
Revised: 2020-04-07

If you are using trusted certificates to communicate with the Security Center Directory in a cluster environment, you must configure a shared folder for all nodes in the cluster, and you must install the same certificate and its private key on all nodes. From the clients' perspective, all nodes in a cluster are the same server; therefore, they must all use the same certificate.

What you should know

During Security Center installation, you have the option to force all client and server applications to validate the identity certificate of the Directory before connecting to it. With Directory authentication enabled, users are prompted to accept all unknown Directory certificates. If accepted, the certificate is put in a list of trusted certificates, known as the white list, and the same users will not be prompted again in the future when connecting to the same Directory.

Procedure

  1. Perform the following on all nodes found in your cluster:
    1. Open the configuration file: <InstallDir>\Configuration files\GeneralSettings.gconfig.
      <InstallDir> is the installation folder, usually located at:
      N:\Program Files (x86)\Genetec Security Center 5.9

    2. Between the <Configuration></Configuration> XML markers, add the following line and save the file:
      <certWhiteList CertificateCacheFolder="N:\temp\cache" />
      NOTE: “N:\” represents the drive letter to the server’s external storage medium.
    The location of your white list certificate cache is now configured on the node.
  2. Export the identity certificate of the master node, along with its private key, and install it in the personal certificate store of the secondary nodes.
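
The procedure above, sketched in PowerShell as an added example (not part of the Genetec guide): it adds the certWhiteList element without creating duplicates, then checks that the node holds the shared identity certificate together with its private key. The LocalMachine\My store, the thumbprint placeholder and both function names are assumptions.

```powershell
# Added example (not Genetec code). Run elevated on every cluster node.
# Assumptions: the paths from the procedure above, the LocalMachine\My store,
# and a placeholder thumbprint for the master node's identity certificate.
$ConfigPath  = 'N:\Program Files (x86)\Genetec Security Center 5.9\Configuration files\GeneralSettings.gconfig'
$CacheFolder = 'N:\temp\cache'
$Thumbprint  = '<MASTER-NODE-CERT-THUMBPRINT>'   # placeholder, fill in

function Set-CertWhiteListFolder {
    param([string]$Path, [string]$Folder)
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)
    # Locate <Configuration> by local name so a default namespace does not hide it.
    $config = $xml.SelectSingleNode("//*[local-name()='Configuration']")
    if ($null -eq $config) { throw "No <Configuration> element found in $Path" }
    # Reuse an existing element so repeated runs never add a duplicate.
    $node = $config.SelectSingleNode("*[local-name()='certWhiteList']")
    if ($null -eq $node) {
        $node = $xml.CreateElement('certWhiteList', $config.NamespaceURI)
        [void]$config.AppendChild($node)
    }
    if ($node.GetAttribute('CertificateCacheFolder') -ne $Folder) {
        Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # keep a backup
        $node.SetAttribute('CertificateCacheFolder', $Folder)
        $xml.Save($Path)
    }
}

function Test-NodeIdentityCertificate {
    param([string]$Thumbprint)
    # Every node must present the same certificate, so match on thumbprint.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { Write-Warning "Certificate $Thumbprint is not installed"; return $false }
    if (-not $cert.HasPrivateKey) { Write-Warning 'Certificate is installed without its private key'; return $false }
    return $true
}

Set-CertWhiteListFolder -Path $ConfigPath -Folder $CacheFolder
if (-not (Test-Path -LiteralPath $CacheFolder)) {
    Write-Warning "$CacheFolder is not reachable from this node"
}
if (Test-NodeIdentityCertificate -Thumbprint $Thumbprint) {
    Write-Output "Node $env:COMPUTERNAME holds the shared certificate and private key"
}
```

A node that warns about a missing private key was given only the public certificate; repeat the export from the master node with the private key included.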