 | ||
| Re-establishing WAC communication in global clusters after upgrading to 2048 bit key and SHA256 signature certificates | ||
|---|---|---|
| Prev | Tasks to perform after upgrading to 2048 bit key and SHA256 signature certificates | Next |
| ||
| Re-establishing WAC communication in global clusters after upgrading to 2048 bit key and SHA256 signature certificates | ||
|---|---|---|
| Prev | Tasks to perform after upgrading to 2048 bit key and SHA256 signature certificates | Next |
During the upgrade, the vcsauthserver gets 2048 bit SHA256 certificates and the trust information gets deleted, which causes the WAC communication to break. To establish the communication again, you must set up trust for WAC on each node of every cluster. The remote site has to set up trust with the local site as a new broker certificate is created on the local site. The local site also has to set up trust with the remote site as the trust certificate gets deleted during the upgrade.
Perform the following steps to establish trust between the clusters:
# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/WAC; /opt/VRTSvcs/bin/vcsat setuptrust -b IP_address_of_any_node_from_the_second_cluster:14149 -s high
The command obtains and displays the security certificate and other details of the root broker of the second cluster. If the details are correct, enter y at the command prompt to establish trust.
For example: The hash of above credential is b36a2607bf48296063068e3fc49188596aa079bb
Do you want to trust the above?(y/n) y
# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/WAC; /opt/VRTSvcs/bin/vcsat setuptrust -b IP_address_of_any_node_from_the_first_cluster:14149 -s high
The command obtains and displays the security certificate and other details of the root broker of the first cluster. If the details are correct, enter y at the command prompt to establish trust.