Before enabling and configuring Geographic Redundancy, do the following:
Configure CRL download on the secondary System Manager server.
Note:
By default, CRL is valid only for 7 days. Therefore, you must configure Geographic Redundancy before the expiry date of CRL.
Add the trusted certificate of primary server to the secondary System Manager server.
If certificate is replaced on Primary Server by third-party signed certificate then same certificate type must be replaced on Secondary Server by same third-party CA.
For example, if the Management Container TLS Service is replaced by a third-party CA signed certificate on the primary server, the same type of certificate must be replaced on the secondary server by the same third-party CA.
Install a third-party certificate on both servers prior to Geographic Redundancy configuration and post Geographic Redundancy configuration.
For more information, see Managing certificates
.
Ensure that third-party CA certificate is added into trust store of both System Manager.
Replaced certificate must have full chain (id certificate ->inter CA (if present) certificate -> root CA certificate) and also must contain correct FQDN/VFQDN in required places.
Configure CRL download is mandatory for Geographic Redundancy.
If the CRL URL for a third-party is not accessible from System Manager, then set Certificate Revocation Validation from BEST_EFFORT to NONE on the page.
When you click Commit, System Manager displays the following message:
Changes are updated successfully. An Application server restart is required for changes to take effect. Click Ok to restart it now. Click Cancel to restart it later. Web Console would be unavailable for 10-15 minutes during a restart.
