A cluster is a group of linked systems. As an example, a cluster can comprise a group of linked computers that are programmed to work together. Many clusters are deployed to improve performance and availability over that of a single system. Before a system can join a cluster, its identity needs to be authenticated, and there are a variety of different certificate-based authentication systems that can provide such services.
Many traditional certificate-based authentication systems are configured with a digital certificate for each of the members with which the system has to communicate securely. Even though this type of authentication can be used for an extended period of time for many communication sessions, such traditional certificate-based authentication systems can be difficult to scale. For example, in order to construct a cluster of systems in which any member of the cluster may securely communicate with any other member, each pair of systems within the cluster must be separately and manually configured for secure communication. As a result, adding or removing a system from the cluster becomes increasingly tedious, because every other system within the cluster must have its configuration manually and separately updated.
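The scaling problem described above can be made concrete with a small model, added here as an illustration and not taken from the original text. It assumes each member pins one certificate per peer; the class `PinnedMesh`, its methods, and the fingerprint strings are hypothetical and constructed for the example.

```python
import hashlib


def fingerprint(name):
    """Stand-in for a certificate fingerprint (constructed, not a real cert)."""
    return hashlib.sha256(f"cert:{name}".encode()).hexdigest()[:16]


class PinnedMesh:
    """Full-mesh cluster in which every member pins each peer's certificate."""

    def __init__(self):
        self.stores = {}  # member name -> {peer name: pinned fingerprint}

    def join(self, new, skip=()):
        """Add `new`; return how many existing members had to be edited.
        `skip` names members whose manual update was missed."""
        existing = list(self.stores)
        self.stores[new] = {peer: fingerprint(peer) for peer in existing}
        edited = 0
        for peer in existing:
            if peer not in skip:
                self.stores[peer][new] = fingerprint(new)
                edited += 1
        return edited

    def remove(self, gone, skip=()):
        """Remove `gone`; return how many remaining members were edited."""
        del self.stores[gone]
        edited = 0
        for peer, pins in self.stores.items():
            if peer not in skip and pins.pop(gone, None) is not None:
                edited += 1
        return edited

    def mutual_trust(self, a, b):
        """Secure communication needs both sides to be members and to pin each other."""
        return (a in self.stores and b in self.stores
                and self.stores[a].get(b) == fingerprint(b)
                and self.stores[b].get(a) == fingerprint(a))

    def stale_pins(self):
        """Audit check: pins that still trust a system no longer in the cluster."""
        return sorted((m, p) for m, pins in self.stores.items()
                      for p in pins if p not in self.stores)

    def total_pins(self):
        return sum(len(pins) for pins in self.stores.values())


if __name__ == "__main__":
    mesh = PinnedMesh()
    print([mesh.join(f"node{i}") for i in range(5)], mesh.total_pins())
    mesh.remove("node4", skip={"node1"})  # one manual update is missed
    print(mesh.stale_pins())
```

A cluster of n members carries n(n-1) pins in this model, and a single missed update on removal leaves a member that still trusts the departed system until an audit such as `stale_pins` finds it.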
Additionally, traditional certificate-based authentication systems are typically based on a hierarchical structure where the certification authority is located at the top of the hierarchical structure while subclusters (or subgroups) of digital certificates are located at the bottom of the hierarchical structure. For any certificate authentication used in establishing a secure communication, authentication must be conducted from the bottom to the top of the hierarchical structure. That is, authentication must be conducted along the entire chain of trust. As an example, a web browser has to be able to communicate and reach the systems at the top of the hierarchical structure along a chain of trust to authenticate that none of the parent certificates have expired. Accordingly, such authentication can be time consuming because authentication needs to involve all systems in the chain of trust. Furthermore, in any authentication operation, many or all of the systems in the chain of trust need to be online and reachable. Accordingly, such authentication can be unreliable because authentication cannot be conducted if any one system in the chain of trust becomes unreachable.