Re: [ClusterLabs] PCSD Certificate
Dne 6.7.2017 v 07:41 BUVI napsal(a): Hi, I would like to know, why certiticate is created in pacemaker Hi, The certificate is not created by pacemaker. It's created by pcsd. It serves for encrypting network communication with pcsd, that is access to web UI and node-to-node communication. and what will happen if it expires ? I suppose your browser will complain about the certificate being expired. If that happens (or at any other time) you can replace the certificate with your own using the "pcs pcsd certkey" command. Or delete the certificate on one node and restart pcsd there to make it generate a fresh certificate and then sync it to other nodes with the "pcs pcsd sync-certificates" command. Regards, Tomas Thanks and Regards,* Bhuvanesh Kumar .G * Linux and Email Administrator* * ___ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org ___ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
Re: [ClusterLabs] PCSD Certificate
I don't know what can happen, if the ssl expired, but looking in /usr/lib/pcsd/ssl.rb I found the function. def generate_cert_key_pair(server_name) name = "/C=US/ST=MN/L=Minneapolis/O=pcsd/OU=pcsd/CN=#{server_name}" ca = OpenSSL::X509::Name.parse(name) key = OpenSSL::PKey::RSA.new(2048) crt = OpenSSL::X509::Certificate.new crt.version = 2 crt.serial = ((Time.now).to_f * 1000).to_i crt.subject = ca crt.issuer = ca crt.public_key = key.public_key crt.not_before = Time.now crt.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 year crt.sign(key, OpenSSL::Digest::SHA256.new) return crt, key end 2017-07-06 7:41 GMT+02:00 BUVI: > Hi, > > I would like to know, why certiticate is created in pacemaker and what > will happen if it expires ? > > > Thanks and Regards, > > > *Bhuvanesh Kumar .G* > Linux and Email Administrator > > > > ___ > Users mailing list: Users@clusterlabs.org > http://lists.clusterlabs.org/mailman/listinfo/users > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org > > -- .~. /V\ // \\ /( )\ ^`~'^ ___ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
[ClusterLabs] PCSD Certificate
Hi, I would like to know, why certiticate is created in pacemaker and what will happen if it expires ? Thanks and Regards, *Bhuvanesh Kumar .G* Linux and Email Administrator ___ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org