COROSYNC-QDEVICE-NET-CERTUTIL(8) | System Manager's Manual | COROSYNC-QDEVICE-NET-CERTUTIL(8) |
NAME¶
corosync-qdevice-net-certutil - tool to generate qdevice model net TLS certificates
SYNOPSIS¶
corosync-qdevice-net-certutil [-i|-m|-M|-r|-s|-Q] [-c certificate] [-n cluster_name]
DESCRIPTION¶
corosync-qdevice-net-certutil is a frontend for NSS certutil used for generating client certificate for the net model of qdevice.
OPTIONS¶
- -i
- Initialize the QDevice Net NSS certificate database. The default directory for the database is /etc/corosync/qdevice/net/. This directory has to be writable by the current user. It needs the QNetd CA certificate passed as the -c parameter. This certificate can be found on the server running QNetd in the file /etc/corosync/qnetd/nssdb/qnetd-cacert.crt.
- -m
- Import the cluster certificate and key from a pk12 file.
- -r
- Generate a certificate request. The certificate request is exported into /etc/corosync/qdevice/net/qdevice-net-node.crq. It is necessary to pass the cluster name using the -n parameter. The cluster name has to match the one defined in /etc/corosync/corosync.conf.
- -M
- Import a signed certificate and export a certificate with private key into pk12 file.
- -Q
- Use ssh/scp to properly set both corosync-qnetd and corosync-qdevice certificates on all nodes. It's highly recommended that you use an ssh agent, or ssh/scp will keep asking for a password - roughly 8 times the number of nodes.
- -c
- File with certificate to load.
- -n
- Name of the cluster.
SEE ALSO¶
AUTHOR¶
Jan Friesse
2016-06-28 |