Specifications
Appendix D: HTTPS Cluster Certificates
182 Equalizer Installation and Administration Guide
• Uncheck the use secure key storage check box when adding the SSL certificate; the private
key will then be kept on the Equalizer instead of in SKS.
• Clear SKS memory (using the procedure below); this removes all keys from SKS and frees
any space taken by keys that are no longer used. This assumes you have not already
used all 128kb of space on the Xcel card. If you clear SKS memory, you'll need to re-add the
certificates for all your HTTPS clusters whose keys were kept in SKS.
To clear SKS memory on the Xcel card:
1. Log into Equalizer as root over the serial line.
2. Enter the following command:
SKSManager -R -u 0
3. After the operation completes (which should take about 1 minute), re-add all certificates for all
HTTPS clusters.
Using Certificates in Failover Configurations
In failover configurations, client and server certificates are not part of the configuration settings that
are transferred between the failover peers when configuration changes are made on one of the
failover systems. For this reason, you must install the server certificates (and the client certificates,
if used) on both of the failover peers.
Using IIS with Equalizer
Using Internet Information Services (IIS) is optional when creating and managing certificates for
Equalizer Layer 7 HTTPS clusters and clients. In fact, one of the advantages of using Equalizer is
that only one server certificate is required for an HTTPS cluster. The cluster certificate is installed
on Equalizer, not on the servers in the HTTPS cluster. So, you do not need to use IIS on each server
to create and install certificates. This reduces the amount of effort spent administering server
certificates.
For Layer 4 TCP and UDP clusters, certificates are not installed on Equalizer, and you will need to
install a server certificate on each server in the cluster (since Equalizer is not doing any
HTTPS/SSL processing in Layer 4). Generating a CSR and installing a signed certificate on Windows
using IIS is shown in the procedure below.
Note that IIS does not support the creation of self-signed certificates. You must create the
self-signed certificate on Equalizer (see “Generating a Self-Signed Certificate” on page 176) or
another system that supports the OpenSSL tools; then, use IIS to import the certificate into the
proper certificate store (usually, the Personal store) on Windows.
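The following is an added example, not part of the Equalizer guide: one way to create the self-signed certificate on a system with the OpenSSL tools and bundle it with its private key as a PKCS#12 (.pfx) file, the form Windows imports a certificate together with its key. The function names, file names, key size and validity period are assumptions.

```shell
#!/bin/sh
# Added example, not from the Equalizer guide. Assumes the OpenSSL command-line
# tool is on PATH. Key size, validity period and file names are assumptions.

# cert_fingerprint CERT.pem -> SHA-256 fingerprint of a PEM certificate
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# pfx_fingerprint BUNDLE.pfx PASSFILE -> fingerprint of the certificate in the bundle
pfx_fingerprint() {
    openssl pkcs12 -in "$1" -nokeys -passin "file:$2" 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# make_selfsigned_pfx CN OUTDIR PASSFILE
# Writes OUTDIR/server.key, server.crt and server.pfx, then prints the
# certificate fingerprint so the bundle can be checked before it is imported.
make_selfsigned_pfx() {
    cn=$1 outdir=$2 passfile=$3
    (
        umask 077                       # key material readable by the owner only
        mkdir -p "$outdir" || exit 1
        # Self-signed: the new key signs its own certificate, so no CA is involved.
        # -nodes leaves server.key unencrypted on disk; delete it once the
        # passphrase-protected bundle has been imported.
        openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
            -subj "/CN=$cn" \
            -keyout "$outdir/server.key" -out "$outdir/server.crt" \
            2>/dev/null || exit 1
        # PKCS#12 carries the certificate and its private key in one file,
        # encrypted under the passphrase read from PASSFILE (first line).
        openssl pkcs12 -export -name "$cn" \
            -inkey "$outdir/server.key" -in "$outdir/server.crt" \
            -out "$outdir/server.pfx" -passout "file:$passfile" || exit 1
    ) || return 1
    cert_fingerprint "$outdir/server.crt"
}
```

Call it as `make_selfsigned_pfx www.example.test ./out ./passfile` (constructed host name), and use `pfx_fingerprint ./out/server.pfx ./passfile` to confirm the bundle holds the same certificate before copying it to the Windows server.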
For more information on using IIS, please refer to the IIS documentation from Microsoft.
Generating a CSR and Installing a Certificate on Windows Using IIS
1. If you have not already installed Internet Information Services (IIS), use the Add and Remove
Programs wizard (under Control Panel) to install it. Click on Add/Remove Windows