We're working to create an SSIS Scale Out environment with the SSIS Master DB on a Failover Cluster (AG) and two Worker servers. During installation of the Scaleout Master it does create the the Master Certificate, but I'm guessing it's using the machine name and not the listener name for Common Name. I register the certificate created on the Master to the Worker and after installing the Worker service on the Worker Server the logs show this:
[2021-07-01T20:19:14.1095953+00:00] Error when sending agent heartbeat.
System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority '*********:8391'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
I've tried to create a new certificate using New-SelfSignedCertificate with the Listener as the CN and registered this to the Worker server, but I still get the error above. MS has documentation on how to create new certificates - https://docs.microsoft.com/en-us/sql/integration-services/scale-out/deal-with-certificates-in-ssis-scale-out?view=sql-server-ver15 - but this is using MakeCert.exe which is deprecated and not available on the Windows server running our SQL 2019 SISS Master service. Does anyone have documentation showing how to create the appropriate certificate for SSIS Scale Out using New-SelfSignedCertificate? Or maybe some other ideas on what the problem could be? Thanks for advise.