corosync-qnetd-certutil (8) - Linux Manuals
NAME
corosync-qnetd-certutil - tool to generate qnetd TLS certificates
SYNOPSIS
corosync-qnetd-certutil [-i|-s] [-c certificate] [-n cluster_name]
DESCRIPTION
corosync-qnetd-certutil is a frontend for the NSS certutil. It is used to generate the QNetd CA (Certificate Authority) and server certificate, and to sign the cluster certificate used by corosync-qdevice when using the model 'net'.
OPTIONS
-i
    Initialize the QNetd NSS certificate database and generate the QNetd CA and server certificates. The default directory for the database is /etc/corosync/qnetd. This directory must be writeable by the current user. The QNetd CA certificate is also exported into the file /etc/corosync/qnetd/nssdb/qnetd-cacert.crt.
-s
    Sign the cluster certificate. It is necessary to pass the cluster name (as configured in corosync.conf) and the certificate request file - see options below. The signed certificate will be written to the file /etc/corosync/qnetd/nssdb/cluster-$ClusterName.crt.
-c
    Certificate request file to sign.
-n
    Name of the cluster.
NOTES
If qnetd is executed by a non-root user, /etc/corosync/qnetd and its subdirectories must be owned by (or have group access for) the given user. If corosync-qnetd-certutil is executed as root, it tries to copy the owner and group of /etc/corosync/qnetd to all of the created files.
AUTHOR
Jan Friesse