When GridGuard is set up in a cluster, it is important that all the nodes in the cluster use the same certificate. This ensures that identity assertions sent back from any of the nodes are encrypted using the same certificate. It may also be necessary to export the certificates for storage in a secure certificate store. You can use the steps for exporting and importing certificates to accomplish both.
If you are setting up a single GridGuard node for SAML, you may skip all the steps in this section.
Steps to export a certificate
- Identify the certificate to export and select the format. Supported formats include PEM, DER and PKCS12. To export the certificate to provide to a service provider, use the PEM or DER formats. In these formats, only the public key is exported. To export the certificate for safekeeping or for import into another GridGuard appliance, use the PKCS12 format, as this format includes both the private and public keys.
- Click the download button (the down arrow). This will display the 'Export Certificate' dialog.
- If the selected format is PKCS12, you will be asked to specify and confirm a password used to encrypt the certificate. You will need this password when you import this file.
- Click the 'Download' button to save the certificate.
To import a certificate, follow the steps below. Note that the certificate being imported needs to be in PKCS12 format for the import to succeed.
- Click the 'Import PKCS12' button
- The 'Import PKCS12 File' dialog is displayed
- Specify a label that will be used to identify the certificate
- Specify the password that was specified when exporting this certificate
- Select the file to import
- Click the 'Import PKCS12' button to import the certificate
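After importing, one way to confirm that every node in the cluster presents the same certificate is to download a PEM or DER export from each node and compare SHA-256 fingerprints of the decoded certificate. The script below is an added example, not GridGuard code; the node names and sample bytes are constructed stand-ins. It also rejects any PEM export that contains a private key block, since PEM and DER exports are expected to carry only the public certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def cert_der(export: bytes) -> bytes:
    """Return the certificate's DER bytes from a PEM or DER export."""
    blocks = PEM_BLOCK.findall(export)
    if not blocks:
        # A DER certificate starts with the ASN.1 SEQUENCE tag 0x30.
        if export[:1] != b"\x30":
            raise ValueError("not a PEM or DER certificate export")
        return export
    if any(b"PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("export contains a private key")
    certs = [body for label, body in blocks if label == b"CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError("expected exactly one CERTIFICATE block")
    return base64.b64decode(certs[0])

def fingerprint(export: bytes) -> str:
    """SHA-256 over the DER bytes, so PEM and DER exports compare equal."""
    return hashlib.sha256(cert_der(export)).hexdigest()

def cluster_mismatches(exports: dict) -> dict:
    """Return {node: fingerprint} for nodes that differ from the first node."""
    prints = {node: fingerprint(data) for node, data in exports.items()}
    reference = next(iter(prints.values()))
    return {node: fp for node, fp in prints.items() if fp != reference}

def pem_wrap(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Helper for the constructed samples below: wrap bytes in a PEM block."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()

# Constructed stand-in bytes, not real certificates; node names are hypothetical.
DER_A = b"\x30\x82" + bytes(range(64))
DER_B = b"\x30\x82" + bytes(range(1, 65))
SAMPLE = {"node1": pem_wrap(DER_A), "node2": DER_A, "node3": pem_wrap(DER_B)}

if __name__ == "__main__":
    for node, fp in cluster_mismatches(SAMPLE).items():
        print(f"{node} differs from node1: {fp}")
```

Hashing the decoded DER bytes rather than the downloaded file means a PEM export from one node and a DER export from another still match when they carry the same certificate.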