|COROSYNC-QDEVICE-NET-CERTUTIL(8)||System Manager's Manual||COROSYNC-QDEVICE-NET-CERTUTIL(8)|
corosync-qdevice-net-certutil - tool to generate qdevice model net TLS certificates
corosync-qdevice-net-certutil [-i|-m|-M|-r|-s|-Q] [-c certificate] [-n cluster_name]
corosync-qdevice-net-certutil is a frontend for NSS certutil used for generating client certificate for the net model of qdevice.
- Initialize the QDevice Net NSS certificate database. The default directory for the database is /etc/corosync/qdevice/net/. This directory has to be writable by the current user. It needs the QNetd CA certificate passed as the -c parameter. This certificate can be found on the server running QNetd in the file /etc/corosync/qnetd/nssdb/qnetd-cacert.crt.
- Import the cluster certificate and key from a pk12 file.
- Generate a certificate request. The certificate request is exported into /etc/corosync/qdevice/net/qdevice-net-node.crq. It is necessary to pass the cluster name using the -n parameter. The cluster name has to match the one defined in /etc/corosync/corosync.conf.
- Import a signed certificate and export a certificate with private key into pk12 file.
- Use ssh/scp to properly set both corosync-qnetd and corosync-qdevice certificates on all nodes. It's highly recommended that you use an ssh agent, or ssh/scp will keep asking for a password - roughly 8 times the number of nodes.
- File with certificate to load.
- Name of the cluster.