Awesome, this worked great! Thank you!

*Alex Zimmerman* / Information Technology Specialist IV
*Web Data & Development Services / Enterprise Services / Information Security*
Twitter: <http://www.twitter.com/liquidspikes>
Linkedin: <http://www.linkedin.com/in/alexzimmerman/>
------------------------------
*Direct line: (425)259-8724
IT HelpDesk: (425)388-9333
Email: azimmer...@everettcc.edu*

*How did I do?* Please take a minute to help us improve by completing the IT Feedback Survey. (http://goo.gl/J3nGC) Thank you!
<http://www.everettcc.edu>

On Mon, Dec 7, 2015 at 3:08 AM, Rabin Yasharzadehe <ra...@isoc.org.il> wrote:

> I had this problem, there is a bug with openssl when using CN, skip this
> part when creating the csr file.
>
>    - see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501289
>
> --
> Rabin
>
> On Sat, Dec 5, 2015 at 2:42 AM, Alex Zimmerman <azimmer...@everettcc.edu>
> wrote:
>
>> Hello,
>>
>> I am in the process of setting up my first csync2 webserver cluster and
>> it is going pretty well, except I cannot seem to get the servers to
>> communicate when I enable SSL.
>>
>> Before filing a bug report, I just want to make sure I am doing
>> everything correctly.
>> I am running the latest Ubuntu 12.04 package version of csync2
>> (1.34-2.2build1).
>>
>> 1. First I install the csync2 package on both servers in the cluster.
>>
>> Server1# sudo apt-get install csync2
>> Server2# sudo apt-get install csync2
>>
>> 2. Then I create the certificate file on the primary server.
>>
>> Server1# sudo openssl genrsa -out /etc/csync2_ssl_key.pem 1024
>>
>> Server1# sudo openssl req -new -subj '/C=US/ST=Washington/L=Everett' -key csync2_ssl_key.pem -out csync2_ssl_cert.csr
>>
>> Server1# sudo openssl x509 -req -days 600 -in csync2_ssl_cert.csr -signkey csync2_ssl_key.pem -out csync2_ssl_cert.pem
>>
>> 3. After having set up the certificates, I create the csync2 key by
>> performing the following:
>>
>> Server1# sudo csync2 -k /etc/csync2_ssl_cert.key
>>
>> 4. Next, I edit the configuration file at /etc/csync2.cfg as follows.
>>
>> group website {
>>     host Server1;
>>     host Server2;
>>     key /etc/csync2_ssl_cert.key;
>>     include /var/www/;
>>     include /opt/coldfusion10/cfusion/CustomTags;
>>     include /opt/coldfusion10/cfcs;
>>     auto none;
>> }
>>
>> 5. Two additional host specific configuration files are then required.
>>
>> /etc/csync2_Server1.cfg:
>>
>> group server1 {
>>     host Server1;
>>     host (Server2);
>>     key /etc/csync2_ssl_cert.key;
>>     include /var/www/;
>>     include /opt/coldfusion10/cfusion/CustomTags;
>>     include /opt/coldfusion10/cfcs;
>>     auto none;
>> }
>>
>> /etc/csync2_Server2.cfg:
>>
>> group Server2 {
>>     host Server2;
>>     host (Server1);
>>     key /etc/csync2_ssl_cert.key;
>>     include /var/www/;
>>     include /opt/coldfusion10/cfusion/CustomTags;
>>     include /opt/coldfusion10/cfcs;
>>     auto none;
>> }
>>
>> 6. I copy all the configs and certs from the first server to the rest of
>> the servers:
>>
>> Server1# sudo scp /etc/csync2* admin@Server2:/etc/
>>
>> 7. Then I copy the directories I specified in the csync2.cfg over scp so
>> they are identical before we begin.
>>
>> 8. Once that is done, I try to run a test by running the following
>> commands.
>>
>> Server2# sudo csync2 -iii -vvvv
>> Server1# sudo csync2 -T -vvvv
>>
>> --------- Screen Output Server2 --------
>> Server2# sudo csync2 -iii -vvvv
>> Csync2 daemon running. Waiting for connections.
>> <6905> New connection from 192.168.57.13:46993.
>> Peer> SSL\n
>> Local> OK (activating_ssl).\n
>> <6905> Establishing SSL connection failed.
>> ------- End -------
>>
>> ------- Screen Output Server1 -------
>> Server1# sudo csync2 -T -vvvv
>> My hostname is Server1.
>> Database-File: /var/lib/csync2/Server1.db
>> Config-File: /etc/csync2.cfg
>> Running in-sync check for Server1 <-> Server2.
>> Connecting to host Server2 (SSL) ...
>> Local> SSL\n
>> Peer> OK (activating_ssl).\n
>> Establishing SSL connection failed.
>> ------- End -------
>>
>> Like I mentioned earlier, if I remove SSL it starts working fine.
>> Am I missing a step in my setup? Or is there another location or log I
>> should be looking at?
>>
>> Any help would be greatly appreciated.
>>
>> Thank you!
>>
>> Everett Community College <http://www.everettcc.edu/>
>> Alex Zimmerman / Information Technology Specialist III
>> Web Data & Development Services / Enterprise Services / Information
>> Security
>> Direct line: (425) 259-8724 / Help Desk: (425)388 9333
>> email: azimmer...@everettcc.edu
>> Twitter: <http://www.twitter.com/liquidspikes>
>> Linkedin: <http://www.linkedin.com/in/alexzimmerman/>
>> *How did I do? Please take a minute to help us improve our IT service by
>> completing the IT Feedback Survey. (http://goo.gl/J3nGC)*
>> *Thank you!*
>>
>> _______________________________________________
>> Csync2 mailing list
>> Csync2@lists.linbit.com
>> http://lists.linbit.com/mailman/listinfo/csync2
_______________________________________________
Csync2 mailing list
Csync2@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/csync2
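
A pre-flight check for the certificate steps quoted in the thread above, added here as an example (not code from the thread or from the csync2 project): it confirms that a certificate and RSA key belong together, reports the key size, and shows whether the subject carries a CN, the field the reply says to skip. The function names and the temporary sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: checks for a csync2 SSL key/certificate pair.
# Function names are illustrative; only standard openssl subcommands are used.

# Succeeds when certificate $1 was issued for RSA private key $2.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1") || return 2
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Prints the RSA key size in bits.
key_bits() {
    openssl rsa -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeeds when the certificate subject contains a CN attribute.
cert_has_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        grep -Eq '(^subject= ?|[,+])CN='
}

# Prints one line per finding; returns non-zero when cert and key differ.
check_pair() {
    cert=$1 key=$2
    if cert_has_cn "$cert"; then echo "subject: CN present"
    else echo "subject: no CN"; fi
    echo "key size: $(key_bits "$key") bits"
    if cert_matches_key "$cert" "$key"; then echo "pair: cert matches key"
    else echo "pair: MISMATCH"; return 1; fi
}

# Constructed sample: repeat the thread's key/CSR/cert steps in directory $1
# with subject $2, so the checks can run without touching /etc.
make_sample() {
    d=$1 subj=$2
    openssl genrsa -out "$d/key.pem" 1024 2>/dev/null
    openssl req -new -subj "$subj" -key "$d/key.pem" -out "$d/cert.csr"
    openssl x509 -req -days 600 -in "$d/cert.csr" -signkey "$d/key.pem" \
        -out "$d/cert.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp" '/C=US/ST=Washington/L=Everett'
check_pair "$tmp/cert.pem" "$tmp/key.pem"
```

Running `check_pair` against the real files on every node after the `scp` step shows whether each host ended up with the same matching pair.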