[SOLVED] Location of SSL Host key fingerprints

zama · 08-02-2012, 12:32 AM

Hi All,

Need help in identifying the location of SSL Host key fingerprints in RHEL .

Was actually trying to create two HA clusters using the same nodes using Conga cluster software . But technically conga does not allows using the same nodes in a different cluster. I am getting the following error

""
Status messages:

Host system3.example.com has SSL key fingerprint 66:38

C:1B:26:03:6E:91:1C:A1:A4:43

0:5F

B:97:FE:CE:EE:1B
Host system4.example.com has SSL key fingerprint 78:C1:24:E8:AB:E7:06

B

4:C1:23:80:8E:A5:35:21:B9:9F:26:2C

----

[dismiss]

The following errors occurred:

Host system3.example.com is already a member of the cluster named "ldapcluster"
Host system4.example.com is already a member of the cluster named "ldapcluster"

=======

Need help in identifying the location from where it is retrieving the SSL key fingerprints.

Any help here will be highly appreciated ..

Thanks in Advance
Zaman

zhjim · 08-02-2012, 12:50 AM

I'd say the SSL fingerprint is derived from the SSL Certificate of the hosts. Are we talking HTTP or SSH? Also that won't matter mutch. Look into man page of openssl there should be a line on how to calculate the fingerprint of a certificate.

Nother thing. The hosts are already member of the cluster so what is the actual problem?
Another nother thing. Please put things into code blocks its easier to read than having emotion all over the fingerprint

.

zama · 08-02-2012, 02:03 AM

Thanks for the quick response.

Quote:

Originally Posted by zhjim

I'd say the SSL fingerprint is derived from the SSL Certificate of the hosts. Are we talking HTTP or SSH? Also that won't matter mutch. Look into man page of openssl there should be a line on how to calculate the fingerprint of a certificate.

Got the point . Will take a look at man page for openssl.

>> Another thing. The hosts are already member of the cluster so what is the actual problem?

The problem for me is that I want to use the same hosts to create another cluster , but conga technically does not allow this. So, was trying to identify how the software identifies that the host being already a member of another cluster. Tried IP aliasing and then added a new hostname corresponding to virtual ip address in /etc/hosts , but the cluster software still able to identify that the hosts are already a member of another cluster. So , it looked to me it is performing these tests based on the SSL fingerprint and hence was trying to identify the location of SSL fingerprint.

Will try to generate new set of keys for the new hostname if it is technically possible that I added in /etc/hosts , and will see how conga works

>> Another nother thing. Please put things into code blocks its easier to read than having emotion all over the fingerprint

.

Will take in future queries.

Thanks Again
Zaman

zama · 08-06-2012, 02:04 AM

Marking this Post as resolved as I was able to solve the issue of creating multiple clusters using same hosts by creating multiple failover domains. Also , got the understanding how SSL fingerprints are calculated