
Resolved
0 votes
Hello all,

I've 2 ClearOS systems and I'd like to synchronize them. So I've a master and a slave. LDAP and Windows domain are synchronizing and this is good. I'd like to go further now with my slave, configuring flexshare and certificates, but the certificates are not synchronizing; I always get the same message: The system is waiting for a connection to the master node.

I started the sync process 2 days ago... can I do something to force the certificate sync?

Thanks to all for your help
Wednesday, March 18 2020, 07:02 AM

Accepted Answer

Wednesday, March 18 2020, 10:10 AM - #Permalink
Please can you do a "yum update app-certificate-manager --enablerepo=clearos-updates" or just run /usr/clearos/apps/certificate_manager/deploy/upgrade. Something has stomped on the /etc/pki/CA/private permissions which the last release of app-certificate-manager fixed. All this release does is bump the version which re-runs the upgrade script.

If one of your machines is external, you also need to make sure the slave can access the master on tcp ports 81, 636, 8154 and 8155.

The only certificates which synchronise, I believe, are the CA and perhaps sys-0-cert and their keys. User certificates do not synchronise, but OpenVPN on a slave accepts user certificates created on the master.
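
As an added illustration of the port requirement in the answer above (not part of the original reply, and not ClearOS code): a small script to run on the slave that tries each of the four TCP ports on the master and reports which are blocked. The host name master.example.lan is a placeholder.

```shell
#!/bin/sh
# Added example: TCP reachability check from the slave to the master.
# The port list comes from the answer above; the host name is a placeholder.

SYNC_PORTS="81 636 8154 8155"

# probe_port HOST PORT: succeeds if a TCP connection opens within 3 seconds.
# Uses bash's /dev/tcp pseudo-device, so no extra tools are needed.
probe_port() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# check_master HOST [PORT...]: prints one line per port and returns the
# number of ports that could not be reached (0 means all reachable).
check_master() {
    host=$1
    shift
    # With no ports given, fall back to the sync ports listed above.
    [ $# -gt 0 ] || set -- $SYNC_PORTS
    failed=0
    for port in "$@"; do
        if probe_port "$host" "$port"; then
            echo "ok      $host:$port"
        else
            echo "BLOCKED $host:$port"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Usage on the slave: sh check_master.sh master.example.lan
if [ $# -gt 0 ]; then
    check_master "$@"
fi
```

A BLOCKED line points at a firewall or routing rule between the two machines rather than at the certificate manager itself.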
Responses (9)
  • Accepted Answer

    Thursday, March 19 2020, 11:11 AM - #Permalink
    OK, thanks very, very much for the information, Nick.
    It is very precious to me!
  • Accepted Answer

    Thursday, March 19 2020, 10:46 AM - #Permalink
    Arnaud Forster wrote:

    Hello Nick,

    Thanks for the enquiry. Yes, my certificate is valid for my subdomain "subdomain.domain.com". According to my government's instructions, I added into the DNS of my domain's provider an A entry with my "subdomain.domain.com" and the local IP address. And this works. With a computer in my LAN I can reach my server using https://subdomain.domain.com :) but the valid certificate is only used when adding the port 81

    I imported my certificate via the Certificate Manager then assigned it to the web server. I think that's why it works fine when I connect to my webserver using port 81. But I just wanted to tell people to connect to https://mysbudomain.mydomain.com (without port 81) to be as simple as possible...

    To use the certificate for port 81 it is set up in System > Settings > General Settings. To use it in the web server you set it in Server > Web > Web Server.

    It is not practical to access the webconfig on anything other than port 81.
  • Accepted Answer

    Wednesday, March 18 2020, 06:33 PM - #Permalink
    Hello Nick,

    Thanks for the enquiry. Yes, my certificate is valid for my subdomain "subdomain.domain.com". According to my government's instructions, I added into the DNS of my domain's provider an A entry with my "subdomain.domain.com" and the local IP address. And this works. With a computer in my LAN I can reach my server using https://subdomain.domain.com :) but the valid certificate is only used when adding the port 81

    I imported my certificate via the Certificate Manager then assigned it to the web server. I think that's why it works fine when I connect to my webserver using port 81. But I just wanted to tell people to connect to https://mysbudomain.mydomain.com (without port 81) to be as simple as possible...
  • Accepted Answer

    Wednesday, March 18 2020, 05:22 PM - #Permalink
    Arnaud Forster wrote:

    A last question (I hope) ....
    When connecting to my ClearOS web application: if I use the port 81, it's my valid and imported certificate that is used and I've no problem. But if I'm trying to connect without the port 81 (https://subdomain.domain.com), I get a warning/error because it is the default self-signed certificate that is used.
    Is there a way to always use my imported certificate?

    It depends on how you got port 81 working. Normally you'd import it via the Certificate Manager then assign it in the WebServer. Is your certificate valid for subdomain.domain.com?
  • Accepted Answer

    Wednesday, March 18 2020, 01:57 PM - #Permalink
    OK, about the sync, I'll have to search to see if I can't do the opposite ... the master initialises the sync ... or maybe having my master in my DMZ ....
  • Accepted Answer

    Wednesday, March 18 2020, 01:54 PM - #Permalink
    A last question (I hope) ....
    When connecting to my ClearOS web application: if I use the port 81, it's my valid and imported certificate that is used and I've no problem. But if I'm trying to connect without the port 81 (https://subdomain.domain.com), I get a warning/error because it is the default self-signed certificate that is used.
    Is there a way to always use my imported certificate?
  • Accepted Answer

    Wednesday, March 18 2020, 01:47 PM - #Permalink
    Only the slaves can initialise the sync. The master listens and waits for connections, I believe.
  • Accepted Answer

    Wednesday, March 18 2020, 10:27 AM - #Permalink
    Ok works like a charm now :)
    Thanks very much Nick
    :)
  • Accepted Answer

    Wednesday, March 18 2020, 10:13 AM - #Permalink
    OK, thanks very much Nick; I'm trying ... on both servers, I think?

    None of my servers are external... this is the next step of the sync... but only the master could initialize a sync because I'll have no incoming connection possibility