Dear Support Team,

I have an OpManager failover configuration with the following setup:

• Primary Probe: 192.168.0.2
• Secondary Probe: 192.168.0.3
• Virtual IP: 192.168.0.1

I would like to enable HTTPS and configure individual SSL certificates for each probe, ensuring secure access when the system switches between the primary and secondary probes. Additionally, I need guidance on the appropriate common name (CN) or Subject Alternative Names (SANs) for the SSL certificate associated with the virtual IP (192.168.0.1).

Specifically, I would like to clarify:

1. SSL Certificate Implementation: Should each probe have its own SSL certificate, or is it recommended to use a single certificate for all instances, including the virtual IP?
2. Certificate Naming for the Virtual IP: What common name (CN) should be used when generating the SSL certificate for the virtual IP (192.168.0.1)? Should it match the virtual IP address, a fully qualified domain name (FQDN), or another identifier?
3. Configuration Steps: Are there any specific configurations required in server.xml or elsewhere to ensure a smooth transition during a failover while maintaining HTTPS access?
4. Certificate Handling: If separate SSL certificates are used for each probe, how will the virtual IP (192.168.0.1) handle HTTPS requests during a failover?

I would appreciate any best practices or official documentation regarding SSL configuration in a failover environment.

Looking forward to your response.

Best regards,