Hi, Valentin.

My personal experience with it showed 2 solid ways to go about that (aside from using the same cert for all nodes, which works fine too):

1. If you build from sources, this is the easiest case - just run `./make cert` or `./make certs` (can't remember) from the directory where you are building it, on each node.
2. If you install from repo, then you'll need to create them manually. Full commands are provided in csync's pdf manual, you'll need to run them on each node. 2 things to note: don't provide anything to the openssl tool when you run these commands, i.e. just hit "Enter" all the time, accepting the default values it offers you; then, you must put the certificates in a predetermined location, as it's hardcoded into the executable; this location may vary from distro to distro, I guess, in my Ubuntu it was the `/etc/` directory.

On 2016-06-16 07:32, Valentin Vidic wrote:
Hi,

I would like to know what is the expected setup of
certificates for csync2?

The only setup that works for me is using the same
certificate on all hosts. If the certs are not
the same the connection fails with an error on
the server:

  csync2[14532]: SSL: handshake failed: No certificate was found. (GNUTLS_E_NO_CERTIFICATE_FOUND)

Looking at the TLS connection the server requests
the client certificate and uses its own certificate
as CA.  If the client doesn't have the same cert
it sends an empty certificate (length = 0).

So it seems it will only work if all the servers
have the same cert (or same CA). However all the
documentation I found suggests the certs can be
generated independently on all hosts and get
stored on the first connection.
_______________________________________________
Csync2 mailing list
Csync2@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/csync2
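
The trust relationship described in the original message (a peer that uses one certificate file as its only CA) can be reproduced offline with openssl alone. This is an added example, not part of the thread and not csync2's own code; the labels nodeA, nodeB, nodeC and ca and the temporary directory are constructed, and it models only the chain check, not the csync2 or GnuTLS handshake itself.

```shell
#!/usr/bin/env bash
# Constructed demo: model a peer that trusts exactly one certificate file as its CA.
set -u
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Independent self-signed certificate, as generated separately on each host.
make_selfsigned() {  # $1 = label (placeholder host name)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$workdir/$1.key" -out "$workdir/$1.pem" 2>/dev/null
}

# Host certificate issued by a common CA (the "same CA" case).
make_signed() {  # $1 = CA label, $2 = host label
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$workdir/$2.key" -out "$workdir/$2.csr" 2>/dev/null
  openssl x509 -req -in "$workdir/$2.csr" -days 30 -CAcreateserial \
    -CA "$workdir/$1.pem" -CAkey "$workdir/$1.key" \
    -out "$workdir/$2.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to trust anchor $1.
accepted_by() {  # $1 = trust anchor label, $2 = presented certificate label
  openssl verify -CAfile "$workdir/$1.pem" "$workdir/$2.pem" >/dev/null 2>&1
}

report() {
  if accepted_by "$1" "$2"; then echo "$2 presented to $1: accepted"
  else echo "$2 presented to $1: rejected"; fi
}

make_selfsigned nodeA
make_selfsigned nodeB
make_selfsigned ca
make_signed ca nodeC

report nodeA nodeA   # same certificate on both ends
report nodeA nodeB   # independently generated certificates
report ca nodeC      # certificate issued by the trusted CA
```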