Dear,

We are using Pacemaker in order to configure a KVM cluster.

Our security has detected that we are using an invalid (self-signed) certificate on our servers and has asked us to solve the problem.

Can you please tell me how I can solve this problem (by issuing ourselves, via our PKI, a certificate that will no longer be self-signed)?

I know how to request the new certificate, but I have no idea how I can replace it.

Can you help us?

Thanks
Pascal Duray

Some details

[root@bpmon0001kv pcsd]# rpm -q pcs
pcs-0.9.158-6.el7.centos.1.x86_64
[root@bpmon0001kv pcsd]# rpm -q ruby
ruby-2.0.0.648-33.el7_4.x86_64
[root@bpmon0001kv pcsd]#
[root@bpmon0001kv pcsd]# netstat -laputen | grep 2224
tcp       32      0 172.18.232.41:47488     172.18.232.42:2224      CLOSE_WAIT  0          63383048   1522/ruby
tcp        0      0 172.18.232.41:47508     172.18.232.42:2224      ESTABLISHED 0          63384499   1522/ruby
tcp       32      0 172.18.232.41:52588     172.18.232.41:2224      CLOSE_WAIT  0          63386729   1522/ruby
tcp        0      0 172.18.232.41:52604     172.18.232.41:2224      ESTABLISHED 0          63389002   1522/ruby
tcp6       0      0 :::2224                 :::*                    LISTEN      0          27712      1522/ruby
tcp6       0      0 172.18.232.41:2224      172.18.232.41:52588     FIN_WAIT2   0          0          -
tcp6       0      0 172.18.232.41:2224      172.18.232.41:52604     ESTABLISHED 0          63386603   1522/ruby
tcp6       0      0 172.18.232.41:2224      172.18.232.42:49012     FIN_WAIT2   0          0          -
[root@bpmon0001kv pcsd]# ps -ef | grep 1522
root      1522     1  0 May15 ?        00:14:24 /usr/bin/ruby /usr/lib/pcsd/pcsd > /dev/null &
[root@bpmon0001kv pcsd]# curl -vvI https://localhost:2224
* About to connect() to localhost port 2224 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 2224 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=bpmon0001kv.unix.banksys.be,OU=pcsd,O=pcsd,L=Minneapolis,ST=MN,C=US
*       start date: Mar 09 13:03:11 2017 GMT
*       expire date: Mar 07 13:03:11 2027 GMT
*       common name: bpmon0001kv.unix.banksys.be
*       issuer: CN=bpmon0001kv.unix.banksys.be,OU=pcsd,O=pcsd,L=Minneapolis,ST=MN,C=US
* NSS error -8156 (SEC_ERROR_CA_CERT_INVALID)
* Issuer certificate is invalid.
* Closing connection 0
curl: (60) Issuer certificate is invalid.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
_______________________________________________
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org