In this approach, implement an RRSF trust policy for TCP/IP node connections by creating an internal certificate-authority (CA) certificate that you will use to sign an individual server certificate for each TCP/IP node connection in your RRSF network.

Remember: Be sure to use this CA certificate to sign only server certificates for RRSF nodes.

For each node, you will also create a key ring to hold only the node's server certificate and the signing CA certificate. For a multisystem node, a single server certificate and key ring are shared among the member systems.