US12088737B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12088737-B2 |
| Application number | US-202016919526-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 2, 2020 |
| Priority date | Jul 2, 2020 |
| Publication date | Sep 10, 2024 |
| Grant date | Sep 10, 2024 |
Abstract
An intelligent method of mutual validation between a cluster manager and a new node, also enabling automatic signing of an application certificate for the new node. A root certificate authority is embedded in a cluster manager at the factory. The certificate includes the cluster manager serial number. Similarly, a certificate is embedded in an appliance to be joined as a new node, the certificate including the appliance's serial number. When requesting to join the cluster, the node sends its certificate to the cluster manager. The cluster manager verifies that the serial number in the certificate matches a serial number in its white list and validates the certificate ownership by the node. Conversely, the cluster manager sends its certificate to the node, so that the node can verify it is communicating with a valid cluster manager. The node can then ask the manager to sign its application certificate, and the manager uses its root certificate authority to sign the certificate.
Claims (preview)
What is claimed is:
1. In a computing cluster comprising a cluster manager and a plurality of nodes, each node comprising a management platform, an application, and a host operating system (OS), a method of mutual authentication for joining a new node to the cluster, comprising: adding a node serial number of the new node onto a white list of the cluster manager; adding an internet protocol (IP) address and a cluster manager serial number of the cluster manager on the new node; performing a mutual authentication, comprising: authenticating the new node to the cluster manager by: sending a request to join the cluster from the new node to the cluster manager, the request including the node serial number from the new node, receiving a first challenge for a first server certificate from the cluster manager to the new node, wherein a first application of the new node sends a first server certificate request to a first remote access controller (iDRAC) of the new node through a first service module (SM) of the new node, wherein the first SM sends the first server certificate request to the first iDRAC, wherein the first iDRAC forwards the first server certificate to the first SM, wherein external access to the first iDRAC is locked, as only the first SM has a unique random password to communicate with the first iDRAC, and receiving the first server certificate from the first SM, sending the first server certificate with a first public key from the new node to the cluster manager; and verifying at the cluster manager that the node serial number from the new node is listed in the white list and, upon verification, adding the new node to a cluster manager trust store; authenticating the cluster manager to the new node by: receiving a second challenge for a second server certificate from the new node to the cluster manager, wherein a second application of the cluster manager sends the second server certificate request to a second iDRAC through a second SM of the cluster manager, wherein the second SM sends the second server certificate request to the second iDRAC of the cluster manager, wherein the second iDRAC forwards the second server certificate to the second SM, wherein external access to the second iDRAC is locked, as only the second SM has a unique random password to communicate with the second iDRAC, receiving the second server certificate from the second SM, and sending from the cluster manager the second server certificate with a second public key and the cluster manager serial number to the new node, and verifying at the new node that the cluster manager serial number sent from the cluster manager matches the cluster manager serial number added with the IP address on the new node, and, upon verification, adding the cluster manager to a node trust store.
2. The method of claim 1, wherein sending a request to join the cluster comprises sending a node certificate embedded in the new node, wherein the node certificate includes the node serial number and wherein the node certificate is from the remote access controller upon request.
3. The method of claim 2, wherein sending from the cluster manager the cluster manager serial number comprises sending a server certificate including the cluster manager serial number, wherein the server certificate is from the remote access controller upon request.
4. The method of claim 3, further comprising establishing secure communication between the new node and the cluster manager.
5. The method of claim 4, wherein establishing secure communication comprises the steps of: a. generating a manager hash at the cluster manager and signing the manager hash using a manager private key into a cluster manager digital signature; b. sending the cluster manager digital signature to the new node and at the new node verifying the cluster manager digital signature using a manager public key; c. generating a node hash at the new node and signing the node hash using a node private key into a new node digital signature; d. sending the new node digital signature to the cluster manager and at the cluster manager verifying the new node digital signature using a node public key.
6. The method of claim 5, further comprising sending a request to the cluster manager to sign an application certificate.
7. The method of claim 6, wherein sending the request comprises the steps of: a. generating an application certificate at the new node; b. creating a certificate signing request; c. sending the certificate signing request to the cluster manager; d. using a root certificate authority of the cluster manager to sign the application certificate.
8. The method of claim 7, further comprising sending a request for the cluster manager's root certificate authority certificate and adding the root certificate authority certificate to a trust store of the new node.
9. The method of claim 8, further comprising adding the new node to the cluster after signing the application certificate.
10. A system comprising: a computing cluster having one or more processors and a cluster manager; and a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to: perform a mutual authentication, comprising: receive a request from a new node to join the computing cluster; send a first challenge for a first server certificate to the new node, wherein a first application of the new node sends a first server certificate request to a first remote access controller (iDRAC) of the new node through a first service module (SM) of the new node, wherein the first SM sends the first server certificate request to the first iDRAC, wherein the first iDRAC forwards the first server certificate to the first SM, wherein the first application of the new node receives the first server certificate from the first SM; receive the first server certificate with a first public key from the new node at the cluster manager; verify that a new node identifier (ID) sent by the new node matches an ID stored in a white list of the cluster manager, wherein the new node ID comprises a node serial number; when the new node ID matches the ID stored in the white list, add the new node to a trust store of the cluster manager; receive a second challenge for a second server certificate from the new node; send a request for the second server certificate to a second iDRAC through a second SM, wherein the second SM sends the second server certificate request to the second iDRAC, wherein the second iDRAC forwards the second certificate to the second SM, wherein external access to the second iDRAC is locked, as only the second SM has a unique random password to communicate with the second iDRAC; receive the second server certificate from the second SM; send the second server certificate with a second public key to the new node.
11. The system of claim 10, wherein the cluster manager comprises an embedded certificate of root certificate authority.
12. The system of claim 11, wherein the plurality of instructions, when executed, further cause the one or more processors to execute the steps: a. after receiving the request, sending to the new node a challenge for a certificate; and, b. receiving in response a node certificate which includes the node serial number of the new node.
13. The system of claim 12, wherein the plurality of instructions, when executed, further cause the one or more processors to: generate a hash of a prior handshake message; sign the hash of the prior handshake message using a cluster manager private key into a manager digital signature; and, send the manager digital signature to
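The join flow described in the abstract and in claims 1 to 9 (certificate exchange, white-list and serial checks, signed hash of a prior handshake message, CSR signed by the embedded root CA), as an added Go example. This is not code from the patent or from any vendor product. Assumptions the page does not state: both parties run in one process, so each "send" is a function call; the factory-embedded certificates are self-signed Ed25519 certificates generated in memory with the device serial in the Subject serialNumber field (the patent keeps them in the iDRAC behind the service module); the names Peer, NewManager, NewNode, admit, prove and Join are this example's own; the serials MGR-001, NODE-7 and NODE-9 are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Peer is a cluster manager or a node: factory-embedded certificate (Subject carries the device serial; the
// patent keeps it in the iDRAC, this example self-signs one in memory), its key, a serial rule, a trust store.
type Peer struct {
	Serial     string
	Cert       *x509.Certificate
	Key        ed25519.PrivateKey
	Accept     func(serial string) bool
	TrustStore map[string]*x509.Certificate
}
func template(subject pkix.Name, isCA bool) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: subject, IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
}
func embed(serial string, isCA bool, accept func(string) bool) *Peer { // stands in for factory provisioning
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := template(pkix.Name{CommonName: serial, SerialNumber: serial}, isCA)
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return &Peer{serial, cert, key, accept, map[string]*x509.Certificate{}}
}
// NewManager embeds a root CA and accepts white-listed node serials; NewNode accepts only the provisioned manager serial.
func NewManager(serial string, whitelist map[string]bool) *Peer {
	return embed(serial, true, func(s string) bool { return whitelist[s] })
}
func NewNode(serial, managerSerial string) *Peer {
	return embed(serial, false, func(s string) bool { return s == managerSerial })
}
// admit: the presented certificate must verify under its own key and pass the serial rule before entering the trust store.
func (p *Peer) admit(c *x509.Certificate) error {
	if c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) != nil || !p.Accept(c.Subject.SerialNumber) {
		return fmt.Errorf("%s rejects certificate with serial %q", p.Serial, c.Subject.SerialNumber)
	}
	p.TrustStore[c.Subject.SerialNumber] = c
	return nil
}
// prove is claim 5 in one direction: p signs SHA-256 of the prior message; the verifier checks it with its trust-store entry for p.
func (p *Peer) prove(verifier *Peer, prior []byte) error {
	h := sha256.Sum256(prior)
	sig := ed25519.Sign(p.Key, h[:])
	if c := verifier.TrustStore[p.Serial]; c == nil || !ed25519.Verify(c.PublicKey.(ed25519.PublicKey), h[:], sig) {
		return fmt.Errorf("%s: handshake signature from %q does not verify", verifier.Serial, p.Serial)
	}
	return nil
}

// Join runs the exchange in claim order and returns the application certificate signed by the root CA.
func Join(m, n *Peer) (*x509.Certificate, error) {
	if err := m.admit(n.Cert); err != nil { // node -> manager: embedded certificate, white-list check
		return nil, err
	}
	if err := n.admit(m.Cert); err != nil { // manager -> node: embedded certificate, serial check
		return nil, err
	}
	if err := m.prove(n, n.Cert.Raw); err != nil { // claim 5: manager signs first, node verifies
		return nil, err
	}
	if err := n.prove(m, m.Cert.Raw); err != nil { // then node signs, manager verifies
		return nil, err
	}
	// Claims 6-9: node key + CSR; manager checks the CSR signature and signs with the root CA; node verifies the chain.
	_, appKey, _ := ed25519.GenerateKey(rand.Reader)
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: "app." + n.Serial}}, appKey)
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil { // the CSR signature proves possession of the application key
		return nil, fmt.Errorf("application CSR from %q rejected", n.Serial)
	}
	der, err := x509.CreateCertificate(rand.Reader, template(csr.Subject, false), m.Cert, csr.PublicKey, m.Key)
	if err != nil {
		return nil, err
	}
	cert, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool() // claim 8: the root CA certificate is what the node trusts for the issued chain
	roots.AddCert(m.Cert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return nil, err
	}
	return cert, nil
}

func main() {
	_, err := Join(NewManager("MGR-001", map[string]bool{"NODE-7": true}), NewNode("NODE-7", "MGR-001"))
	fmt.Println("join NODE-7:", err)
}
```

Join fails closed at the first check that does not pass: a node whose serial is not on the white list never reaches the signature step, and a node provisioned with the wrong manager serial refuses the manager even though the manager accepted it. Two points a reviewer would raise against the claims as written. First, the white-list check on its own proves nothing, since a serial number is not secret; it is the claim 5 signature, checked against the certificate already admitted to the trust store, that binds the serial to a key. Second, a signature over a hash of an earlier handshake message proves possession of the key but proves freshness only if that message cannot be replayed; having each verifier contribute a random nonce to the signed data is the usual fix, and the example above inherits the claim's weakness rather than correcting it.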
CPC classification titles:
- using cryptographic hash functions
- involving digital signatures
- based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- for achieving mutual authentication (cryptographic mechanisms or cryptographic arrangements for mutual authentication H04L9/3273)
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload