Perfect it works. I think it was a combination of the CN of the quorum server and me missing the serials.
Will update the wiki thanks ! > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Zhen Huang > Sent: May 12, 2007 9:33 AM > To: General Linux-HA mailing list > Subject: Re: [Linux-HA] Quorumd TLS > > Sorry, only the CN of the client cert (which is installed in > your heartbeat nodes) should be same as your cluster name. > > On 5/12/07, Zhen Huang <[EMAIL PROTECTED]> wrote: > > Hi, Benjamin, > > > > Please try the certs in the attachment. > > To use those certs, you have to change the name of your > cluster to "MyCluster". > > > > Or you can modify the template files in the attachment then > use them > > when you use the certtool (with --template xxx.tmp). > > Please note that the CN in both client and server cert > should be same > > as the cluster name. > > > > Tell me the result. Thanks! > > > > On 5/10/07, Benjamin Lawetz <[EMAIL PROTECTED]> wrote: > > > I've been trying to get the quorum server to work for the past > > > couple of days. But whenever I launch heartbeat I juste > get on the > > > quorumd server > > > logs: > > > May 8 14:50:42 quorumd: [10151]: WARN: handshake failed May 8 > > > 14:50:42 quorumd: [10151]: ERROR: on_listen tls handshake failed > > > > > > I'm sure it's a stupid problem with the x.509 certificates, but > > > tried and retried to generate them but to no avail. > > > > > > I've tried looking at the heartbeat logs, but there's so much > > > information and I don't know what I'm looking for. The only part > > > that might match would > > > be: > > > > > > May 8 14:50:44 crmd: [3455]: info: mem_handle_event: Got > an event > > > OC_EV_MS_INVALID from ccm May 8 14:50:44 crmd: [3455]: info: > > > mem_handle_event: instance=35, nodes=2, new=2, lost=0, n_idx=0, > > > new_idx=0, old_idx=4 May 8 14:50:44 crmd: [3455]: info: > > > crmd_ccm_msg_callback: Quorum lost after event=INVALID > (id=35) May > > > 8 14:50:44 crmd: [3455]: ERROR: do_ccm_update_cache: 2 nodes w/o > > > quorum > > > > > > Is there anything essential I might have missed in the > certificate > > > creationg? I followed the direction from here: > > > http://www.linux-ha.org/QuorumServerGuide > > > > > > I set the common name to the name of the cluster (the one > that shows > > > up in /etc/ha.d/quorumd.conf). I did not set a password > for the certificates. > > > Certtool asks alot of questions, answered to the best of > my knowledge... > > > > > > I will update the wiki once I figure this out ! > > > > > > -- > > > Benjamin > > > TéliPhone inc. > > > > > > > > > -------------- > > > N'envoyé pas de courriel à l'adresse qui suit, sinon vous serez > > > automatiquement mis sur notre liste noire. > > > [EMAIL PROTECTED] > > > Do not send an email to the email above or you will > automatically be > > > blacklisted. > > > > > > _______________________________________________ > > > Linux-HA mailing list > > > [email protected] > > > http://lists.linux-ha.org/mailman/listinfo/linux-ha > > > See also: http://linux-ha.org/ReportingProblems > > > > > > > > > -- > > Best Regards, > > Huang Zhen (zhenh) > > http://www.linux-ha.org/HuangZhen > > > > > > > -- > Best Regards, > Huang Zhen (zhenh) > http://www.linux-ha.org/HuangZhen > _______________________________________________ > Linux-HA mailing list > [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
