In a load-balanced or clustered environment, a wildcard must be used in the certificate name in order to match the servers being load balanced or that make up the cluster. This may be difficult if your environment contains other similarly named servers that you do not wish to include. To resolve this issue, use the Virtual host name entry when configuring the Service:
- Given two servers: 'Server1.fqdn' and 'Server2.fqdn'
- Download one (1) SSL Certificate with the name "CPMService.fqdn" and distribute the certificate to both machines (Server1 and Server2)
- In the Service Configuration Tool, assign the Virtual host name "CPMService.fqdn"
- During Agent installation use "CPMService.fqdn" when prompted for the Service name
This arrangement should work correctly for all uses of the Service.
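
The following is an added example, not part of the original article or of any Citrix tooling. It shows which hosts a wildcard name would cover compared with the single virtual host name, and how to check that each cluster node presents the shared certificate. Assumptions: the domain `corp.example` stands in for "fqdn", the inventory is constructed, the Service listens on port 443, and the issuing CA is in the local trust store.

```python
import socket
import ssl

# Constructed inventory; "corp.example" stands in for the article's "fqdn".
INVENTORY = ["Server1.corp.example", "Server2.corp.example",
             "Payroll1.corp.example", "CPMService.corp.example"]

def name_matches(cert_name: str, host: str) -> bool:
    """Hostname match where '*' is honoured only as the whole left-most label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        # Refuse wildcards directly under a top-level label (e.g. "*.example").
        return len(c) > 2 and c[1:] == h[1:]
    return c == h

def exposure(cert_name: str, inventory: list) -> list:
    """Hosts in the inventory for which this certificate name would validate."""
    return [h for h in inventory if name_matches(cert_name, h)]

def node_serves_virtual_name(node: str, virtual_name: str,
                             port: int = 443, timeout: float = 5.0) -> bool:
    """Connect to one node by its own address, but validate the certificate
    it presents against the virtual host name (port 443 is an assumption)."""
    ctx = ssl.create_default_context()  # uses the local trust store
    try:
        with socket.create_connection((node, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=virtual_name):
                return True  # handshake passed chain and name validation
    except (ssl.SSLError, OSError):
        return False  # unreachable, untrusted chain, or name mismatch

if __name__ == "__main__":
    print("wildcard covers:", exposure("*.corp.example", INVENTORY))
    print("virtual name covers:", exposure("CPMService.corp.example", INVENTORY))
    for node in ("Server1.corp.example", "Server2.corp.example"):
        ok = node_serves_virtual_name(node, "CPMService.corp.example")
        print(node, "presents CPMService certificate:", ok)
```

A node that reports `False` after the certificate has been distributed usually still has its old per-server certificate bound, or the issuing CA is not trusted on the machine running the check.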
Basic rules to follow when configuring clustering:
- Distribute PrivateKeyCert.cert, PublicKeyCert.cert, AKR.dat, Prov.dat, etc. across all machines using the "CtxMoveServiceData" utility for transfer
- In general, follow the guidance in the Citrix® Password Manager Installation Guide and Password Manager Administrator's Guide for migrating the Service