On Thu, Jun 16, 2016 at 08:16:00AM -0400, a...@gluu.org wrote:
> My personal experience with it showed 2 solid ways to go about that (aside
> from using the same cert for all nodes, which works fine too):
> 
> 1. If you build from sources, this is the easiest case - just run `./make
> cert` or `./make certs` (can't remember) from the directory where you are
> building it, on each node
> 2. If you install from repo, then you'll need to create them manually. Full
> commands are provided in csync's pdf manual, you'll need to run them on each
> node. 2 things to note: don't provide anything to openssl tool when you'll
> be running this commands, i.e. just hit "Enter" all the time accepting
> default values it'll offer to you; then, you must put certificates in
> predetermined location as it's hardcoded into executable; this location may
> vary from distro to distro, I guess, in my Ubuntu it was `/etc/` directory.

You are right, if I put the same subject on all the hosts the TLS
handshake works again.  I guess client certificates are requested
so the server can store them and connect securely next time in the
opposite direction (as a client).

-- 
Valentin
_______________________________________________
Csync2 mailing list
Csync2@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/csync2

Reply via email to