Am Montag, 4. Februar 2008 13:09 schrieb Dejan Muhamedagic: (...) > > Hi, > > > > I found the thread from May 9th of this list. Somebody having the same > > problems. I used the sample certificates of that post, but still no > > success. Strange! > > You can test the TLS communication using the openssl tools > (openssl s_client/s_server). They should tell you what's wrong. > One typical problem is name resolution, i.e. the parties > communicating have to resolve to exactly the names in the > certificates (reverse name resolution).
openssl s_client/s_server works good. Even when I start quorumd on the tie breaker and connect to that machine with opessl s_client -connect xen04:5561 -cert client-cert.pem -key client-key.pem -CAfile ca-cert.pem -showcerts it works. The client tells me: CONNECTED(00000003) When I start heartbeat on the node it failes. Strange... Name resolution: The CN of the client certificate should be the name of the clsuter (i.e. MyCluster), see docs. The reverse name resolution would always point to the name of the node. These both names would always differ. So this cannot be the problem. What do I do wrong using the sample certificates of zhenh? What does this error mean? Is there any better debugging inside quorumd? -- Dr. Michael Schwartzkopff MultiNET Services GmbH Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany Tel: +49 - 89 - 45 69 11 0 Fax: +49 - 89 - 45 69 11 21 mob: +49 - 174 - 343 28 75 mail: [EMAIL PROTECTED] web: www.multinet.de Sitz der Gesellschaft: 85630 Grasbrunn Registergericht: Amtsgericht München HRB 114375 Geschäftsführer: Günter Jurgeneit, Hubert Martens --- PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype:misch42 _______________________________________________ Linux-HA mailing list Linux-HA@lists.linux-ha.org http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
