Securing communications among SafeLinx Servers in a cluster

For SafeLinx Servers that participate in a cluster, you can use TLS protocols to secure communications between subordinate and principal nodes.

About this task

To enable secure communications within a SafeLinx Server cluster, store the X.509 certificate of the principal SafeLinx Server node in the keystore file of each subordinate cluster member. The default PKCS12 keystore file is sl-default.p12 and the default password is "trusted".

After certificates are in place, edit the properties on each subordinate node to require the use of TLS protocols for communications with the principal node.

Procedure

  1. On the SafeLinx Server that is configured as the principal node, request or create a certificate that identifies the node. After you obtain the certificate, add it to the server's PKCS12 keystore file. For information, see Generating a server certificate from a certificate authority.
  2. Transfer the signer certificate from the principal node to the subordinate node.
    • If you obtained a third-party certificate for the principal node, transfer the signer certificate file to the subordinate node.
      Note: The default PKCS12 keystore file that is installed with the SafeLinx Server might include a signer certificate for the CA from which you received your personal certificate. However, it is best to use the version of the signer certificate that you receive from the CA.
    • If you created a self-signed certificate, extract the certificate to a file and then copy the file to the subordinate node.
  3. To use the default PKCS12 keystore file from the SafeLinx Server installation directory, open the file sl-default.p12.
  4. Type a label for the certificate, then click OK.
  5. From the SafeLinx Administrator, open the Resources pane and expand the subordinate SafeLinx Server node that you want to configure.
  6. Right-click Cluster manager and then click Properties.
  7. From the cluster manager properties, open the Subordinate page. Under Internode transport protocol, click TCP/SSL, and then click OK.
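
A check you can run on a subordinate node once the signer certificate is in its keystore, as an added example that is not part of the SafeLinx documentation or tooling: it uses the OpenSSL command line to confirm that the certificate file transferred from the principal node matches an entry in the PKCS12 keystore and has not expired. The function names and the KS_PASS environment variable are assumptions made for this example, and the certificates produced by make_demo are constructed sample data.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not SafeLinx tooling).
# The keystore password is read from the KS_PASS environment variable so that
# it never appears on a command line or in the process list.

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprints of every certificate in a PKCS12 file, one per line.
keystore_fingerprints() {
    openssl pkcs12 -in "$1" -passin env:KS_PASS -nokeys 2>/dev/null |
    awk -v cmd='openssl x509 -noout -fingerprint -sha256' '
        /-----BEGIN CERTIFICATE-----/ { keep = 1; pem = "" }
        keep                          { pem = pem $0 "\n" }
        /-----END CERTIFICATE-----/   { keep = 0; printf "%s", pem | cmd; close(cmd) }
    ' | cut -d= -f2
}

# Exit 0 only if the certificate in $2 is unexpired and stored in keystore $1.
keystore_trusts() {
    fp=$(cert_fingerprint "$2")
    [ -n "$fp" ] || return 2                                  # unreadable file
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null || return 3   # expired
    keystore_fingerprints "$1" | grep -qxF "$fp"
}

# Constructed sample data: two throwaway self-signed certificates and a
# keystore in directory $1 that contains only the first of them.
make_demo() {
    for n in principal other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$n.example" \
            -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null
    done
    openssl pkcs12 -export -nokeys -in "$1/principal.pem" -out "$1/demo.p12" \
        -passout env:KS_PASS
}

# Usage: KS_PASS=... sh check.sh <keystore.p12> <principal-cert.pem>
if [ "$#" -eq 2 ]; then
    if keystore_trusts "$1" "$2"; then
        echo "certificate is present in the keystore and has not expired"
    else
        echo "certificate is missing, expired or unreadable"
    fi
fi
```

Comparing fingerprints, rather than labels or subject names, shows that the keystore holds the same certificate file that came from the principal node.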

What to do next

To put certificate changes into effect, restart each subordinate and principal node where you modified the PKCS12 keystore file by adding or changing certificates. For more information, see Starting and stopping the SafeLinx Server.