I had this problem. There is a bug with openssl when using CN; skip this
part when creating the csr file.

   - see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501289




--
Rabin

On Sat, Dec 5, 2015 at 2:42 AM, Alex Zimmerman <azimmer...@everettcc.edu>
wrote:

> Hello,
>
> I am in the process of setting up my first csync2 webserver cluster and it
> is going pretty well, except I cannot seem to get the servers to
> communicate when I enable SSL.
>
> Before filing a bug report, I just want to make sure I am doing everything
> correctly.
> I am running the latest Ubuntu 12.04 package version of csync2
> (1.34-2.2build1).
>
> 1. First I install the csync2 package on both servers in the cluster.
>
> Server1# sudo apt-get install csync2
> Server2# sudo apt-get install csync2
>
> 2. Then I create the certificate file on the primary server.
>
> Server1# sudo openssl genrsa -out /etc/csync2_ssl_key.pem 1024
>
> Server1# sudo openssl req -new -subj '/C=US/ST=Washington/L=Everett' -key
> csync2_ssl_key.pem -out csync2_ssl_cert.csr
>
> Server1# sudo openssl x509 -req -days 600 -in csync2_ssl_cert.csr -signkey
> csync2_ssl_key.pem -out csync2_ssl_cert.pem
>
> 3. After having set up the certificates, I create the csync2 key by
> performing the following:
>
> Server1# sudo csync2 -k /etc/csync2_ssl_cert.key
>
> 4. Next, I edit the configuration file at /etc/csync2.cfg as follows.
>
> group website {
> host Server1;
> host Server2;
>  key /etc/csync2_ssl_cert.key;
>  include /var/www/;
>  include /opt/coldfusion10/cfusion/CustomTags;
>  include /opt/coldfusion10/cfcs;
>  auto none;
> }
>
> 5. Two additional host specific configuration files are then required.
>
> /etc/csync2_Server1.cfg:
>
> group server1 {
>   host Server1;
>   host (Server2);
>   key /etc/csync2_ssl_cert.key;
>   include /var/www/;
>   include /opt/coldfusion10/cfusion/CustomTags;
>   include /opt/coldfusion10/cfcs;
>   auto none;
> }
>
> /etc/csync2_Server2.cfg:
>
> group Server2 {
>   host Server2;
>   host (Server1);
>   key /etc/csync2_ssl_cert.key;
>   include /var/www/;
>   include /opt/coldfusion10/cfusion/CustomTags;
>   include /opt/coldfusion10/cfcs;
>   auto none;
> }
>
> 6. I copy all the configs and certs from the first server to the rest of
> the servers:
>
> Server1# sudo scp /etc/csync2* admin@Server2:/etc/
>
> 7. Then I copy the directories I specified in the csync2.cfg over scp so
> they are identical before we begin.
>
> 8. Once that is done, I try to run a test by running the following
> commands.
>
> Server2# sudo csync2 -iii -vvvv
> Server1# sudo csync2 -T -vvvv
>
> *-------Screen Output Server2-------*
> Server2# sudo csync2 -iii -vvvv
> Csync2 daemon running. Waiting for connections.
> <6905> New connection from 192.168.57.13:46993.
> Peer> SSL\n
> Local> OK (activating_ssl).\n
> <6905> Establishing SSL connection failed.
> *-------End-------*
>
> *-------Screen Output Server1-------*
> Server1# sudo csync2 -T -vvvv
> My hostname is Server1.
> Database-File: /var/lib/csync2/Server1.db
> Config-File:   /etc/csync2.cfg
> Running in-sync check for Server1 <-> Server2.
> Connecting to host Server2 (SSL) ...
> Local> SSL\n
> Peer> OK (activating_ssl).\n
> Establishing SSL connection failed.
> *-------End-------*
>
> Like I mentioned earlier, if I remove SSL it starts working fine.
> Am I missing a step in my setup? Or is there another location or log I
> should be looking at?
>
> Any help would be greatly appreciated.
>
> Thank you!
>
> Alex Zimmerman / Information Technology Specialist III
> Web Data & Development Services / Enterprise Services / Information
> Security
> Direct line:(425) 259-8724 / Help Desk:(425)388 9333
> email: azimmer...@everettcc.edu
>
> _______________________________________________
> Csync2 mailing list
> Csync2@lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2
>
>
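
A local check for the certificate step discussed in this thread, as an added example that is not part of either message and not csync2's own tooling: it repeats the three openssl commands from the quoted message in a scratch directory, then reports whether the private key matches the certificate, whether the certificate has expired, and whether the subject carries a CN. The function names `make_pair`, `check_pair` and `has_cn` and the 2048-bit key size are this example's own choices.

```bash
#!/usr/bin/env bash
# Added example: csync2-style key/cert pair built and checked in a scratch dir.

# make_pair DIR: the three openssl steps from the quoted message, with every
# file written to and read from DIR. The 2048-bit key is this example's choice.
make_pair() {
    local dir=$1
    openssl genrsa -out "$dir/csync2_ssl_key.pem" 2048 2>/dev/null &&
    openssl req -new -subj '/C=US/ST=Washington/L=Everett' \
        -key "$dir/csync2_ssl_key.pem" -out "$dir/csync2_ssl_cert.csr" &&
    openssl x509 -req -days 600 -in "$dir/csync2_ssl_cert.csr" \
        -signkey "$dir/csync2_ssl_key.pem" -out "$dir/csync2_ssl_cert.pem" 2>/dev/null
}

# has_cn CERT: succeeds if the certificate subject carries a CN attribute.
has_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        grep -Eq '(^subject= ?|,)CN='
}

# check_pair KEY CERT: one finding per line; returns 0 only if every check passes.
check_pair() {
    local key=$1 cert=$2 kpub cpub rc=0
    [ -r "$key" ] && [ -r "$cert" ] || { echo "FAIL key or certificate not readable"; return 1; }
    # Public key derived from the private key vs. the one embedded in the cert.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]; then
        echo "OK   private key matches certificate"
    else
        echo "FAIL private key does not match certificate"; rc=1
    fi
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "OK   certificate has not expired"
    else
        echo "FAIL certificate has expired or cannot be parsed"; rc=1
    fi
    # Informational only: the reply above advises leaving the CN out.
    if has_cn "$cert"; then echo "NOTE subject contains a CN"; fi
    return $rc
}

# Demo in a scratch directory; nothing under /etc is touched.
tmp=$(mktemp -d) && make_pair "$tmp" &&
    check_pair "$tmp/csync2_ssl_key.pem" "$tmp/csync2_ssl_cert.pem"
rm -rf "$tmp"
```

Running `check_pair` on each node against the key and certificate files that node actually holds shows whether the copy step left every host with a matching pair.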