1COROSYNC-QNETD-CERTUTIL(8)  System Manager's Manual COROSYNC-QNETD-CERTUTIL(8)
2
3
4

NAME

6       corosync-qnetd-certutil - tool to generate qnetd TLS certificates
7

SYNOPSIS

9       corosync-qnetd-certutil [-i|-s] [-c certificate] [-n cluster_name]
10

DESCRIPTION

12       corosync-qnetd-certutil  is a frontend for the NSS certutil, it is used
13       for generating the QNetd CA (Certificate Authority), server certificate
14       and signing cluster certificate used by corosync-qdevice when using the
15       model 'net'.
16

OPTIONS

18       -i     Initialize the QNetd NSS certificate database and  generate  the
19              QNetd CA and server certificates.  The default directory for the
20              database is /etc/corosync/qnetd. This directory must  be  write‐
21              able  by  the  current  user.  The  QNetd CA certificate is also
22              exported  into  the  file   /etc/corosync/qnetd/nssdb/qnetd-cac‐
23              ert.crt.
24
25       -s     Sign  the cluster certificate. It is necessary to pass the clus‐
26              ter name (as configured in corosync.conf)  and  the  certificate
27              request  file  - see options below.  The signed certificate will
28              be written to the file  /etc/corosync/qnetd/nssdb/cluster-$Clus‐
29              terName.crt
30
31       -c     Certificate request file to sign.
32
33       -n     Name of the cluster.
34

NOTES

36       If  qnetd  is  executed by a non root user, /etc/corosync/qnetd and its
37       subdirectories must be owned by (or have group access  for)  the  given
38       user.  If  corosync-qnetd-certutil is executed as root it tries to copy
39       the owner and group of /etc/corosync/qnetd to all of the created files.
40

SEE ALSO

42       corosync-qnetd(8) corosync-qdevice(8)
43

AUTHOR

45       Jan Friesse
46
47                                  2016-06-28        COROSYNC-QNETD-CERTUTIL(8)
Impressum