Use > Hardening > High Availability Hardening > Cluster Authentication

Cluster Authentication

To enable cluster authentication:

  1. In UCMDB, go to Administration > Infrastructure Settings Manager.
  2. Find the setting Enable joining High Availability cluster authentication and set it to true.
  3. Provide a single server authentication keystore (certificate + private and public keys) in JKS format. This keystore will be placed on all the servers and used for authenticating when connecting to a high availability cluster.

    Place the keystore in the following location: <UCMDB_install_dir>\conf\security and name it cluster.authentication.keystore.

    Note The UCMDB comes with this keystore pre-configured out-of-the-box. This keystore is the same for all clean UCMDB installations, and thus not secure. If you wish to securely authenticate join requests, delete this file and create a new one.

  4. Generate a cluster authentication keystore as follows:

    1. From C:\UCMDB\UCMDBServer\bin\jre\bin, run the following command:

      keytool -genkey -alias hpcert –keystore <UCMDB_install_dir>\conf\security\cluster.authentication.keystore -keyalg RSA

      The console dialog box opens and asks you for a new keystore password.

    2. The default password is hppass. If you want to use a different password, update the server by running the following JMX method: UCMDB:service=High Availability Services: changeClusterAuthenticationKeystorePassword

    3. In the console dialog box, answer the question What is your first and last name? by entering the name of the cluster.
    4. Enter the other parameters according to your organization's details.
    5. Enter a key password. The key password must be the same as the keystore password.

      A JKS keystore is created in <UCMDB_install_dir>\conf\security\cluster.authentication.keystore

  5. Replace the old <UCMDB_install_dir>\conf\security\cluster.authentication.keystore on all the servers in the cluster with the new keystore.

  6. Restart all the servers in the cluster.