Provided by: corosync-qdevice_3.0.1-1_amd64
corosync-qdevice-net-certutil - tool to generate qdevice model net TLS certificates
corosync-qdevice-net-certutil [-i|-m|-M|-r|-s|-Q] [-c certificate] [-n cluster_name]
corosync-qdevice-net-certutil is a frontend for NSS certutil used for generating client certificate for the net model of qdevice.
-i Initialize the QDevice Net NSS certificate database. The default directory for the database is /etc/corosync/qdevice/net/. This directory has to be writable by the current user. It needs the QNetd CA certificate passed as the -c parameter. This certificate can be found on the server running QNetd in the file /etc/corosync/qnetd/nssdb/qnetd-cacert.crt. -m Import the cluster certificate and key from a pk12 file. -r Generate a certificate request. The certificate request is exported into /etc/corosync/qdevice/net/qdevice-net-node.crq. It is necessary to pass the cluster name using the -n parameter. The cluster name has to match the one defined in /etc/corosync/corosync.conf. -M Import a signed certificate and export a certificate with private key into pk12 file. -Q Use ssh/scp to properly set both corosync-qnetd and corosync-qdevice certificates on all nodes. It's highly recommended that you use an ssh agent, or ssh/scp will keep asking for a password - roughly 8 times the number of nodes. -c File with certificate to load. -n Name of the cluster.
Jan Friesse 2016-06-28 COROSYNC-QDEVICE-NET-CERTUTIL(8)