[ClusterLabs] PCSD Certificate

Tomas Jelinek tojeline at redhat.com
Mon Jul 10 08:59:34 EDT 2017

Dne 6.7.2017 v 07:41 BUVI napsal(a):
> Hi,
> I would like to know, why certiticate is created in pacemaker


The certificate is not created by pacemaker. It's created by pcsd. It 
serves for encrypting network communication with pcsd, that is access to 
web UI and node-to-node communication.

> and what will happen if it expires ?

I suppose your browser will complain about the certificate being 
expired. If that happens (or at any other time) you can replace the 
certificate with your own using the "pcs pcsd certkey" command. Or 
delete the certificate on one node and restart pcsd there to make it 
generate a fresh certificate and then sync it to other nodes with the 
"pcs pcsd sync-certificates" command.


> Thanks and Regards,*
> Bhuvanesh Kumar .G
> *
> Linux and Email Administrator*
> *
> _______________________________________________
> Users mailing list: Users at clusterlabs.org
> http://lists.clusterlabs.org/mailman/listinfo/users
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org

More information about the Users mailing list