This topic provides information about the tasks you must perform before enabling and configuring Geographic Redundancy.
Procedure
Download the Certificate Revocation List (CRL) certificate on the secondary System Manager server.
Note:
By default, CRL is valid for 7 days. Therefore, you must configure Geographic Redundancy before the CRL expiry date.
Add the primary server's trusted certificate to the secondary System Manager server.
Note:
If a certificate is replaced with a third-party signed certificate on primary server then the same certificate type must be replaced with the same third-party Certificate Authority (CA) on secondary server.
If Management Container Transport Layer Security (TLS) Service is replaced with a third-party CA signed certificate on primary server, then the same certificate type must be replaced with the same third-party CA certificate on secondary Server.
Install third-party certificates on both servers before or after Geographic Redundancy configuration.
For more information, see Avaya Aura® System Manager Certificate Management
Ensure that the third-party CA certificate is added into the trust store of both System Manager.
The replaced certificate must have full chain, (id certificate > inter CA certificate, (if present) > root CA certificate) and must also contain a correct Fully Qualified Domain Name (FQDN)/Virtual Fully Qualified Domain Name (VFQDN) in the required places.
Note:
Configuring CRL download is mandatory for Geographic Redundancy.
If CRL URL for third-party is not accessible from System Manager, on the Security > Configuration > Security Configuration > Revocation Configuration page, change Certificate Revocation Validation from BEST_EFFORT to NONE
