NAME

       corosync-qdevice-net-certutil - tool to generate qdevice model net TLS certificates

SYNOPSIS

       corosync-qdevice-net-certutil [-i|-m|-M|-r|-s|-Q] [-c certificate] [-n cluster_name]

DESCRIPTION

       corosync-qdevice-net-certutil  is  a  frontend for NSS certutil used for generating client
       certificate for the net model of qdevice.

OPTIONS

       -i     Initialize the QDevice Net NSS certificate database.  The default directory for the
              database  is  /etc/corosync/qdevice/net/.  This directory has to be writable by the
              current user. It needs the QNetd CA certificate passed as the  -c  parameter.  This
              certificate   can   be   found   on   the   server   running   QNetd  in  the  file
              /etc/corosync/qnetd/nssdb/qnetd-cacert.crt.

       -m     Import the cluster certificate and key from a pk12 file.

       -r     Generate  a  certificate  request.  The  certificate  request  is   exported   into
              /etc/corosync/qdevice/net/qdevice-net-node.crq. It is necessary to pass the cluster
              name using the -n parameter. The cluster name has  to  match  the  one  defined  in
              /etc/corosync/corosync.conf.

       -M     Import  a  signed  certificate  and export a certificate with private key into pk12
              file.

       -Q     Use ssh/scp to properly set both corosync-qnetd and  corosync-qdevice  certificates
              on  all  nodes.  It's highly recommended that you use an ssh agent, or ssh/scp will
              keep asking for a password - roughly 8 times the number of nodes.

       -c     File with certificate to load.

       -n     Name of the cluster.

SEE ALSO

       corosync-qnetd(8) corosync-qdevice(8)

AUTHOR

       Jan Friesse

                                            2016-06-28           COROSYNC-QDEVICE-NET-CERTUTIL(8)