I had this problem. There is a bug with openssl when using CN; skip this part when creating the CSR file.
- see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501289

--
Rabin

On Sat, Dec 5, 2015 at 2:42 AM, Alex Zimmerman <azimmer...@everettcc.edu> wrote:

> Hello,
>
> I am in the process of setting up my first csync2 webserver cluster and it
> is going pretty well, except I cannot seem to get the servers to
> communicate when I enable SSL.
>
> Before filing a bug report, I just want to make sure I am doing everything
> correctly.
> I am running the latest Ubuntu 12.04 package version of csync2
> (1.34-2.2build1).
>
> 1. First I install the csync2 package on both servers in the cluster.
>
> Server1# sudo apt-get install csync2
> Server2# sudo apt-get install csync2
>
> 2. Then I create the certificate file on the primary server.
>
> Server1# sudo openssl genrsa -out /etc/csync2_ssl_key.pem 1024
>
> Server1# sudo openssl req -new -subj '/C=US/ST=Washington/L=Everett' -key csync2_ssl_key.pem -out csync2_ssl_cert.csr
>
> Server1# sudo openssl x509 -req -days 600 -in csync2_ssl_cert.csr -signkey csync2_ssl_key.pem -out csync2_ssl_cert.pem
>
> 3. After having set up the certificates, I create the csync2 key by
> performing the following:
>
> Server1# sudo csync2 -k /etc/csync2_ssl_cert.key
>
> 4. Next, I edit the configuration file at /etc/csync2.cfg as follows.
>
> group website {
>     host Server1;
>     host Server2;
>     key /etc/csync2_ssl_cert.key;
>     include /var/www/;
>     include /opt/coldfusion10/cfusion/CustomTags;
>     include /opt/coldfusion10/cfcs;
>     auto none;
> }
>
> 5. Two additional host specific configuration files are then required.
>
> /etc/csync2_Server1.cfg:
>
> group server1 {
>     host Server1;
>     host (Server2);
>     key /etc/csync2_ssl_cert.key;
>     include /var/www/;
>     include /opt/coldfusion10/cfusion/CustomTags;
>     include /opt/coldfusion10/cfcs;
>     auto none;
> }
>
> /etc/csync2_Server2.cfg:
>
> group Server2 {
>     host Server2;
>     host (Server1);
>     key /etc/csync2_ssl_cert.key;
>     include /var/www/;
>     include /opt/coldfusion10/cfusion/CustomTags;
>     include /opt/coldfusion10/cfcs;
>     auto none;
> }
>
> 6. I copy all the configs and certs from the first server to the rest of the
> servers:
>
> Server1# sudo scp /etc/csync2* admin@Server2:/etc/
>
> 7. Then I copy the directories I specified in the csync2.cfg over scp so
> they are identical before we begin.
>
> 8. Once that is done, I try to run a test by running the following
> commands.
>
> Server2# sudo csync2 -iii -vvvv
> Server1# sudo csync2 -T -vvvv
>
> *---------**Screen Output** Server2--------*
> Server2# sudo csync2 -iii -vvvv
> Csync2 daemon running. Waiting for connections.
> <6905> New connection from 192.168.57.13:46993.
> Peer> SSL\n
> Local> OK (activating_ssl).\n
> <6905> Establishing SSL connection failed.
> *-------End-------*
>
> *-------Screen Output Server1-------*
> Server1# sudo csync2 -T -vvvv
> My hostname is Server1.
> Database-File: /var/lib/csync2/Server1.db
> Config-File: /etc/csync2.cfg
> Running in-sync check for Server1 <-> Server2.
> Connecting to host Server2 (SSL) ...
> Local> SSL\n
> Peer> OK (activating_ssl).\n
> Establishing SSL connection failed.
> *-------End-------*
>
> Like I mentioned earlier, if I remove SSL it starts working fine.
> Am I missing a step in my setup? Or is there another location or log I
> should be looking at?
>
> Any help would be greatly appreciated.
>
> Thank you!
>
> Alex Zimmerman / Information Technology Specialist III
> Web Data & Development Services / Enterprise Services / Information
> Security
> Direct line:(425) 259-8724 / Help Desk:(425)388 9333
> email: azimmer...@everettcc.edu
>
> _______________________________________________
> Csync2 mailing list
> Csync2@lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2
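A pre-flight check for the key and certificate produced in step 2 of the quoted message, as an added example that is not part of either post or of csync2: it confirms both files exist where expected, that the RSA key meets a minimum size, that the certificate carries the key's public half, and that the certificate has not expired. The function name, the return codes and the 2048-bit minimum are assumptions of this example; the certificate path in the usage comment assumes the openssl commands were run from /etc.

```shell
#!/bin/sh
# Added example: verify a csync2 TLS key/certificate pair before starting the daemon.
# Return codes (constructed for this example):
#   0 ok, 1 file missing/unreadable, 2 weak or unparsable RSA key,
#   3 key/cert mismatch, 4 certificate expired
MIN_BITS=2048   # assumption: local policy minimum; the key in the thread is 1024-bit

check_csync2_tls() {
    key=$1 cert=$2
    for f in "$key" "$cert"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # Key size as reported by openssl ("Private-Key: (2048 bit ...)")
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
           sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$MIN_BITS" ]; then
        echo "RSA key is ${bits:-unparsable} bits, want >= $MIN_BITS" >&2
        return 2
    fi

    # The public key derived from the private key must equal the one in the cert
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "certificate does not carry this key's public half" >&2
        return 3
    fi

    # -checkend 0 fails if the certificate's notAfter is already in the past
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 4; }

    echo "ok: $bits-bit key matches $cert"
}

# Usage on each node (paths from the thread; cert path is an assumption, see above):
#   check_csync2_tls /etc/csync2_ssl_key.pem /etc/csync2_ssl_cert.pem
```

Run it on every node after the scp step, since a file that was written outside /etc on the first server will not have been matched by `/etc/csync2*`.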