Replicate the SSL Certificate on Failover and Atlas Appliances
Bomgar allows you to use additional Bomgar Appliances for failover or for load balancing. If you intend to use additional Bomgar Appliances in your setup, it is important that each additional appliance is properly secured by an SSL certificate.
In a failover setup, the primary and backup appliances must have identical SSL certificates for failover to be successful. Otherwise, in the event of failover, the backup appliance will be unable to connect to any Bomgar software clients. Therefore, you should create a CA-signed certificate that supports each appliance's unique hostname as well as your support site hostname. Replicate this certificate on both the primary and the backup appliances.
Additionally, if you plan to use an Atlas setup, it is recommended that you use a wildcard certificate that covers both your Bomgar support site name and each traffic node hostname. If you do not use a wildcard certificate, then adding traffic nodes that use different certificates may require a rebuild of the Bomgar software in order to provide full support. Therefore, you should create a CA-signed wildcard certificate that supports all of the hostnames used in your Atlas setup. Replicate this certificate on each of your Atlas clustered appliances.
To replicate an SSL certificate, follow the instructions below:
1. On the primary appliance, log into the /appliance interface. Go to Security > Certificates.
2. In the Security :: Certificates section, check the box beside the certificate that is assigned to the active IP address. Then, from the dropdown menu at the top of this section, select Export.
3. On the Security :: Certificates :: Export page, check the options to include the certificate, the private key, and the certificate chain. It is strongly recommended that you set a passphrase for the private key.
4. On the backup appliance, log into the /appliance interface. Go to Security > Certificates.
5. In the Security :: Certificate Installation section, click the Import button.
6. Browse to the certificate file you just exported from the primary appliance. If a passphrase was assigned to the file, enter it in the Password field. Then click Upload.
7. The imported certificate chain should now appear in the Security :: Certificates section.
8. Click the name of the newly imported server certificate. The Subject Name and/or a Subject Alternative Name should match the hostname of this appliance.
9. At the bottom of the page, select the IP addresses to which to apply this certificate. These IP addresses should include the active IP address and, if applicable, the shared IP address.
10. Then click Save Configuration.
11. This certificate will now serve as the SSL certificate on this appliance for the IP addresses you selected.
12. Repeat steps 4-11 for each additional clustered appliance.
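
Once the certificate is replicated, the two requirements above can be checked from outside the appliances: every appliance serves the same certificate, and that certificate covers every required hostname. The following is an added example, not Bomgar code; the `example.com` hostnames and the sample data are constructed, `fetch_cert` is a hypothetical helper built on Python's standard `ssl` module, and only Subject Alternative Name DNS entries are checked (an assumption; the Subject Name is ignored). It also shows that a wildcard entry covers a single label only, which matters when traffic node hostnames sit one level deeper than the support site name.

```python
import hashlib
import socket
import ssl


def fetch_cert(host, port=443, timeout=5):
    """Live use: return (DER bytes, SAN DNS names) served at host:port."""
    ctx = ssl.create_default_context()  # also fails if the chain or name is invalid
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            info = tls.getpeercert()
    return der, [v for k, v in info.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, hostname):
    """A '*' is honoured only as the whole leftmost label and spans one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(sans, hostnames):
    """Hostnames that no SAN entry covers."""
    return [h for h in hostnames if not any(name_matches(s, h) for s in sans)]


def replication_report(certs, required):
    """certs maps appliance -> (der, sans); returns (identical, {appliance: gaps})."""
    prints = {hashlib.sha256(der).hexdigest() for der, _ in certs.values()}
    gaps = {a: uncovered(sans, required) for a, (_, sans) in certs.items()}
    return len(prints) == 1, {a: g for a, g in gaps.items() if g}


# Constructed sample data (placeholder bytes stand in for DER certificates).
REQUIRED = ["support.example.com", "primary.example.com", "backup.example.com"]
SAMPLE = {
    "primary": (b"constructed-cert-A", list(REQUIRED)),
    "backup": (b"constructed-cert-B", ["support.example.com", "backup.example.com"]),
}

if __name__ == "__main__":
    identical, gaps = replication_report(SAMPLE, REQUIRED)
    print("identical certificate on all appliances:", identical)
    print("hostnames not covered:", gaps)
    # One label only: this wildcard does not cover a deeper traffic-node name.
    print(uncovered(["*.example.com"], ["support.example.com", "node1.atlas.example.com"]))
```

For a live check, build the `certs` mapping from `fetch_cert` calls against each appliance's own hostname instead of the constructed sample.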