On Wed, Mar 25, 2009 at 4:12 PM, Damian Krzeminski <[email protected]> wrote: > Arjun Nair wrote: >> Hi, >> >> I am having some keystore problems when setting up an HA system on rev: >> 14970. The initial setup ("bin/sipxecs-setup") goes fine, but after >> that, every time sipXconfig on the primary tries to execute a XML-RPC >> call to the redundant server, it comes across this error : >> > > [...] > >> >> So, to workaround this, you can use this program -- >> http://blogs.sun.com/andreas/entry/no_more_unable_to_find -- to add the >> distributed servers certificates to your >> "etc/sipxpbx/ssl/authorities.jks" keystore. And then the XML-RPC calls >> start to work normally. >> > > > Something is not right here: all certificates generated for all the servers > in the cluster should be generated with the same CA - at least this is how > it was working in 3.10 and before. > > You should not have to update the truststore on the primary server just > because you added a new distributed server. The distributed server should > retrieve the certs from the master during initial registration process. > > It's possible that it all changed when I was not looking though: Mircea and > Scott should know more about it. > D.
I think that generate-ssl-keys.sh and install-ssl-keys.sh are being run when the secondary servers are being installed and are generating fresh key pairs. These scripts are generating and installing new keys. If there were a way to know that the script is being called for the secondary server, we can avoid generating and installing new keys. That is what I am suspecting. > > > _______________________________________________ > sipx-dev mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-dev > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev > -- M. Ranganathan _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
