On Thu, Jun 16, 2016 at 08:16:00AM -0400, a...@gluu.org wrote:
> My personal experience with it showed 2 solid ways to go about that (aside
> from using the same cert for all nodes, which works fine too):
>
> 1. If you build from sources, this is the easiest case - just run
> `./make cert` or `./make certs` (can't remember) from the directory where
> you are building it, on each node
> 2. If you install from repo, then you'll need to create them manually. Full
> commands are provided in csync's pdf manual, you'll need to run them on each
> node. 2 things to note: don't provide anything to openssl tool when you'll
> be running these commands, i.e. just hit "Enter" all the time accepting
> default values it'll offer to you; then, you must put certificates in
> predetermined location as it's hardcoded into executable; this location may
> vary from distro to distro, I guess, in my Ubuntu it was `/etc/` directory.

You are right, if I put the same subject on all the hosts the TLS handshake
works again. I guess client certificates are requested so the server can
store them and connect securely next time in the opposite direction (as a
client).

--
Valentin
_______________________________________________
Csync2 mailing list
Csync2@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/csync2
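
An added example, not taken from this thread or from the csync2 manual: it creates a key and self-signed certificate per node without prompting, then checks that every node's certificate carries the same subject, which is the condition the reply above reports made the handshake work. The subject string, the `key.pem`/`cert.pem` file names and the temporary directories are assumptions; csync2 itself reads its certificate from a fixed, distribution-dependent location.

```shell
#!/bin/sh
# Added example: one self-signed certificate per node, then a subject comparison.
set -eu

# make_node_cert DIR SUBJECT
# Creates DIR/key.pem and DIR/cert.pem without prompting. DIR stands in for
# one node; key.pem and cert.pem are placeholder names, not csync2's own.
make_node_cert() {
    mkdir -p "$1"
    # Restrictive umask so the private key is never group/world readable.
    ( umask 077; openssl genrsa -out "$1/key.pem" 2048 2>/dev/null )
    openssl req -new -x509 -key "$1/key.pem" -subj "$2" -days 600 \
        -out "$1/cert.pem"
}

# cert_subject CERT: print the subject in a stable, comparable form.
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# subjects_match CERT...: succeed only if all certificates share one subject.
subjects_match() {
    want=$(cert_subject "$1")
    shift
    for cert in "$@"; do
        got=$(cert_subject "$cert")
        if [ "$got" != "$want" ]; then
            echo "subject mismatch in $cert: $got (expected $want)" >&2
            return 1
        fi
    done
}

# Constructed demo: two "nodes" in a temporary directory, same subject.
demo_dir=$(mktemp -d)
make_node_cert "$demo_dir/node1" "/CN=csync2-cluster"   # assumed subject
make_node_cert "$demo_dir/node2" "/CN=csync2-cluster"
subjects_match "$demo_dir/node1/cert.pem" "$demo_dir/node2/cert.pem" \
    && echo "subjects match on all nodes"
rm -rf "$demo_dir"
```

On real hosts, run `cert_subject` against each node's installed certificate and compare the output before debugging the handshake any further.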