When using a Security Proxy
If you are using a Security Proxy server, you must also import the certificates for all of the remote MSS Administrative Servers to each Security Proxy server. Use the Security Proxy Wizard to import these certificates.
When you create a secure session that connects to a Security Proxy server, the session is thereafter linked to this specific Security Proxy.
When this session is replicated to other servers in the cluster, the session is then initiated from a different MSS Administrative Server, but the session itself will still connect to the original Security Proxy for which it was configured.
If client authorization is enabled on the Security Proxy server, then the Security Proxy server will only accept connections from sessions initiated from the MSS Administrative Servers it trusts. That is, their certificates are in the Security Proxy Trusted Certificate list.
In order for connections from replicated servers to succeed in this environment, the certificates from every MSS Server in the cluster need to be imported to the Security Proxy server. If there are multiple Security Proxy Servers in the cluster, then this operation needs to be done on each of these Security Proxy Servers.