DOKK / manpages / debian 10 / corosync-qdevice / corosync-qdevice-net-certutil.8.en
COROSYNC-QDEVICE-NET-CERTUTIL(8) System Manager's Manual COROSYNC-QDEVICE-NET-CERTUTIL(8)

corosync-qdevice-net-certutil - tool to generate qdevice model net TLS certificates

corosync-qdevice-net-certutil [-i|-m|-M|-r|-s|-Q] [-c certificate] [-n cluster_name]

corosync-qdevice-net-certutil is a frontend for NSS certutil used for generating client certificate for the net model of qdevice.

Initialize the QDevice Net NSS certificate database. The default directory for the database is /etc/corosync/qdevice/net/. This directory has to be writable by the current user. It needs the QNetd CA certificate passed as the -c parameter. This certificate can be found on the server running QNetd in the file /etc/corosync/qnetd/nssdb/qnetd-cacert.crt.
Import the cluster certificate and key from a pk12 file.
Generate a certificate request. The certificate request is exported into /etc/corosync/qdevice/net/qdevice-net-node.crq. It is necessary to pass the cluster name using the -n parameter. The cluster name has to match the one defined in /etc/corosync/corosync.conf.
Import a signed certificate and export a certificate with private key into pk12 file.
Use ssh/scp to properly set both corosync-qnetd and corosync-qdevice certificates on all nodes. It's highly recommended that you use an ssh agent, or ssh/scp will keep asking for a password - roughly 8 times the number of nodes.
File with certificate to load.
Name of the cluster.

corosync-qnetd(8) corosync-qdevice(8)

Jan Friesse

2016-06-28