Re: [ClusterLabs] PCSD Certificate
Dne 6.7.2017 v 07:41 BUVI napsal(a): Hi, I would like to know, why certiticate is created in pacemaker Hi, The certificate is not created by pacemaker. It's created by pcsd. It serves for encrypting network communication with pcsd, that is access to web UI and node-to-node communication. and what will happen if it expires ? I suppose your browser will complain about the certificate being expired. If that happens (or at any other time) you can replace the certificate with your own using the "pcs pcsd certkey" command. Or delete the certificate on one node and restart pcsd there to make it generate a fresh certificate and then sync it to other nodes with the "pcs pcsd sync-certificates" command. Regards, Tomas Thanks and Regards,* Bhuvanesh Kumar .G * Linux and Email Administrator* * ___ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org ___ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
Re: [ClusterLabs] PCSD Certificate
I don't know what can happen, if the ssl expired, but looking in
/usr/lib/pcsd/ssl.rb I found the function.
def generate_cert_key_pair(server_name)
name = "/C=US/ST=MN/L=Minneapolis/O=pcsd/OU=pcsd/CN=#{server_name}"
ca = OpenSSL::X509::Name.parse(name)
key = OpenSSL::PKey::RSA.new(2048)
crt = OpenSSL::X509::Certificate.new
crt.version = 2
crt.serial = ((Time.now).to_f * 1000).to_i
crt.subject = ca
crt.issuer = ca
crt.public_key = key.public_key
crt.not_before = Time.now
crt.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 year
crt.sign(key, OpenSSL::Digest::SHA256.new)
return crt, key
end
2017-07-06 7:41 GMT+02:00 BUVI :
> Hi,
>
> I would like to know, why certiticate is created in pacemaker and what
> will happen if it expires ?
>
>
> Thanks and Regards,
>
>
> *Bhuvanesh Kumar .G*
> Linux and Email Administrator
>
>
>
> ___
> Users mailing list: Users@clusterlabs.org
> http://lists.clusterlabs.org/mailman/listinfo/users
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>
>
--
.~.
/V\
// \\
/( )\
^`~'^
___
Users mailing list: Users@clusterlabs.org
http://lists.clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
[ClusterLabs] PCSD Certificate
Hi, I would like to know, why certiticate is created in pacemaker and what will happen if it expires ? Thanks and Regards, *Bhuvanesh Kumar .G* Linux and Email Administrator ___ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
