Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Mar 17, 2015

CA and Identity certs locations

Hi,

 

According to for example SOL13946locations for mentioned certs are:

 

  • /config/ssl/ssl.crt/dtdi.crt - Identity
  • /config/ssl/ssl.crt/dtca.crt - CA

I checked this location on Active unit of Active/Standby pair (11.2.0). No such files there.

 

However I was able to find this files (or instances?) in /config/filestore/files_d/Common_d/trust_certificate_d/:

 

  • :Common:dtdi.crt_26612_1 - Identity
  • :Common:dtca.crt_26603_1 - CA

On Standby unit certs are in location specified by SOL. I was nor t able to find any info about this movement of certs on Active - is that by design for HA pair?

 

Piotr

 

9 Replies

  • Seems that it's not state of the device (Active/Standby) that is responsible for different location of certs. After failover nothing changed, only former Standby have certs in location specified by SOL as well as location I mentioned for former Active. So I am puzzled why there are no certs in location specified by SOL on one device but they are on another. Piotr
  • i understand we are using the one in filestore but i do not remember where i have read. :)

     

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Hmm, so sol is wrong about locations? HA is working without issue, trust can be removed and created but on one device there are no certs in location specified by sol - I ma curious what was the reason for removing certs from would be "default" location. Piotr
    • nitass_89166's avatar
      nitass_89166
      Icon for Noctilucent rankNoctilucent
      i understand it is changed to support introducing of filestore.
    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      OK, I found some references, it's pity that there is no explanation of changes in DSC docs. Piotr
  • i understand we are using the one in filestore but i do not remember where i have read. :)

     

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Hmm, so sol is wrong about locations? HA is working without issue, trust can be removed and created but on one device there are no certs in location specified by sol - I ma curious what was the reason for removing certs from would be "default" location. Piotr
    • nitass's avatar
      nitass
      Icon for Employee rankEmployee
      i understand it is changed to support introducing of filestore.
    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      OK, I found some references, it's pity that there is no explanation of changes in DSC docs. Piotr