[Csync2] Certificate setup

alex at gluu.org
Thu Jun 16 14:16:00 CEST 2016


Hi, Valentine.

My personal experience with it showed 2 solid ways to go about that 
(aside from using the same cert for all nodes, which works fine too):

1. If you build from sources, this is the easiest case - just run 
`./make cert` or `./make certs` (can't remember) from the directory 
where you are building it, on each node.
2. If you install from repo, then you'll need to create them manually. 
Full commands are provided in csync's pdf manual; you'll need to run 
them on each node. 2 things to note: don't provide anything to the openssl 
tool when you run these commands, i.e. just hit "Enter" every 
time, accepting the default values it offers you; then, you must put the 
certificates in a predetermined location, as it's hardcoded into the 
executable; this location may vary from distro to distro, I guess; on my 
Ubuntu it was the `/etc/` directory.

On 2016-06-16 07:32, Valentin Vidic wrote:
> Hi,
> 
> I would like to know what is the expected setup of
> certificates for csync2?
> 
> The only setup that works for me is using the same
> certificate on all hosts. If the certs are not
> the same the connection fails with an error on
> the server:
> 
>   csync2[14532]: SSL: handshake failed: No certificate was found. (GNUTLS_E_NO_CERTIFICATE_FOUND)
> 
> Looking at the TLS connection the server requests
> the client certificate and uses its own certificate
> as CA.  If the client doesn't have the same cert
> it sends an empty certificate (length = 0).
> 
> So it seems it will only work if all the servers
> have the same cert (or same CA). However all the
> documentation I found suggests the certs can be
> generated independently on all hosts and get
> stored on the first connection.
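
The condition described in this thread (a server that offers its own certificate as the CA, and a client certificate that either matches it or does not) can be checked offline with openssl. This is an added example, not part of the original messages or the csync2 documentation; the function names, file names and subject names are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; every file name and subject below is constructed.

# Create a throwaway key and self-signed certificate for one "node".
make_node_cert() {  # $1 = output prefix, $2 = subject DN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

# Print one DN field (issuer or subject) of a certificate in RFC 2253 form.
cert_dn() {  # $1 = issuer|subject, $2 = certificate file
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# True when the client cert's issuer DN equals the server cert's subject DN,
# i.e. the CA name a server would advertise if it uses its own cert as the CA.
issuer_matches() {  # $1 = client cert, $2 = server cert
    [ "$(cert_dn issuer "$1")" = "$(cert_dn subject "$2")" ]
}

# True when the client cert verifies with the server cert as the only CA.
chains_to() {  # $1 = client cert, $2 = server cert
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Report both checks for one client/server pair as "issuer=.. chain=..".
check_pair() {  # $1 = client cert, $2 = server cert
    i=no; c=no
    issuer_matches "$1" "$2" && i=yes
    chains_to "$1" "$2" && c=yes
    echo "issuer=$i chain=$c"
}

demo() {
    d=$(mktemp -d) || return 1
    make_node_cert "$d/a" "/CN=node-a.example"
    make_node_cert "$d/b" "/CN=node-b.example"
    make_node_cert "$d/c" "/CN=node-a.example"   # same subject, different key
    echo "distinct certs: $(check_pair "$d/b.pem" "$d/a.pem")"
    echo "same cert:      $(check_pair "$d/a.pem" "$d/a.pem")"
    echo "same subject:   $(check_pair "$d/c.pem" "$d/a.pem")"
    rm -rf "$d"
}
demo
```

The "same subject" pair models nodes that each generated their own key while accepting identical openssl prompt defaults (assuming the nodes share the same openssl configuration): the issuer name matches the peer's subject even though the certificate does not verify against it.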

