This could be about to come in handy for me, I think.
We've just added an SMC to our CMC that I didn't realize was on our network, and I'm seeing a lot of SSL errors for endpoints that are using it. The SMC wasn't a factor when I set SSL peering on our SteelHeads, so now I've got to add a licence and the SH certs to it.
Will let you know how I get on.
Right. Well. Think I'm halfway there...
- CMC CA configured with 2048 bits
- SSL peering policy set to "Trust All Peers"
- Replace peering certs on CMC, pushed to all SHs
- Added SSL licence (kind of important)
- Added CMC cert text in SSL>Peering>New Trusted Entity
- Policies>"Policy">SSL>Enable/High/SSL&Secure/Trust All Pre-Configured
- Update Policy
All my SteelHeads now show their peers in a "peering trust" list, so they're all still trusting one another, but the SMC isn't in the peer list... Newly-connected Mobile clients are still showing "sslinner: Trust Failure with Remote Steelhead" errors. Must be missing something, but not sure what...
I found out what I was missing. Didn't have the SteelHead Mobile trust in my peering policy, so I copied the signing cert text from SMC, added it as a Mobile Trust, and now everything appears to be functioning correctly and I'm not seeing SSL errors any more.
Basically, add Danny Mongrain's walkthrough to the normal setup docs and you're set.