Configure one PingAccess node as a replica administrative node to provide an alternative if the administrative node fails.
The key pair that you create for the CONFIG QUERY listener must include both the administrative node and the replica administrative node. To make sure the replica administrative node is included, you can either use a wildcard certificate or define subject alternative names in the key pair that use the replica administrative node's DNS name. For more information, see step 2c in Configuring a PingAccess cluster.
If you use a replica administrative node in your configuration, configure the replica administrative node before defining the engine nodes, or the bootstrap.properties files generated for the engine nodes will not include information about the replica administrative node.