Before enabling and configuring Geographic Redundancy, do the following:
Configure CRL download on the secondary System Manager server.
Note:
By default, a CRL is valid for only 7 days. Therefore, you must configure Geographic Redundancy before the CRL expires.
Add the trusted certificate of the primary server to the secondary System Manager server.
Note:
This step is mandatory. Complete this step even if you are replacing the certificates with third-party signed certificates.
If the certificate is replaced on the primary server by a third-party signed certificate, then the same certificate type must be replaced on the secondary server by the same third-party CA.
For example, if a third-party CA replaces the Management Container TLS Service signed certificate on the primary server, then the same type of certificate must be replaced on the secondary server by the same third-party CA.
Install a third-party certificate on both servers before and after the Geographic Redundancy configuration.
Ensure that a third-party CA certificate is added to the trust store of both System Manager servers.
The replaced certificate must have a full chain (identity certificate -> intermediate CA certificate (if present) -> root CA certificate) and must contain the correct FQDN/VFQDN in the required places.
Note:
Configuring CRL download is mandatory for Geographic Redundancy.
If the CRL URL for the third-party CA is not accessible from System Manager, then change Certificate Revocation Validation from BEST_EFFORT to NONE on the page.
When you click Commit, System Manager displays the following message:
Changes are updated successfully. An Application server restart is required for changes to take effect. Click Ok to restart it now. Click Cancel to restart it later. Web Console would be unavailable for 10-15 minutes during a restart.
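The full-chain and FQDN/VFQDN requirement for a replaced certificate can be checked with the openssl command-line tool before the certificate is installed on either server. The script below is an added example, not Avaya tooling; the function names, the script name precheck.sh and the host name in the usage comment are assumptions, and it expects PEM files for the identity, intermediate CA and root CA certificates.

```shell
#!/bin/sh
# Added example: pre-check a replaced identity certificate before installing
# it on both System Manager servers. Function names are hypothetical and the
# PEM files and host names are supplied by the operator.

# chain_ok LEAF INTER ROOT
# Returns 0 when ROOT is self-signed and LEAF verifies with ROOT supplied as
# the trust anchor and INTER (pass "" when the CA has no intermediate)
# supplied as the untrusted intermediate certificate.
chain_ok() {
    openssl verify -CAfile "$3" "$3" >/dev/null 2>&1 || return 1
    if [ -n "$2" ]; then
        openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -CAfile "$3" "$1" >/dev/null 2>&1
    fi
}

# name_ok LEAF NAME
# Returns 0 when NAME (an FQDN or VFQDN) matches the certificate's
# subjectAltName DNS entries (or the CN when no DNS SAN is present).
name_ok() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# check_replaced_cert LEAF INTER ROOT NAME [NAME...]
# Return codes: 0 = pass, 1 = chain incomplete or invalid, 2 = a name is missing.
check_replaced_cert() {
    leaf=$1; inter=$2; root=$3; shift 3
    chain_ok "$leaf" "$inter" "$root" || { echo "chain check failed" >&2; return 1; }
    for name in "$@"; do
        name_ok "$leaf" "$name" || { echo "name not in certificate: $name" >&2; return 2; }
    done
    echo "certificate chain and names OK"
}

# Run directly (hypothetical names):
#   ./precheck.sh id.pem inter.pem root.pem smgr1.example.test
if [ "$#" -ge 4 ]; then check_replaced_cert "$@"; fi
```

Run the same check against the certificate intended for the primary server and the one intended for the secondary server, passing every FQDN and VFQDN the certificate is expected to carry.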