[pve-devel] pvecm add error, with commercial certificate

[Alexandre DERUMIER]

Hi, I have had an error on 2 new servers, trying to join them to an existing cluster (with commercial wildcard certificate on previous cluster nodes)



# pvecm add X.X.X.X

copy corosync auth key 
stopping pve-cluster service 
Stopping pve cluster filesystem: pve-cluster. 
backup old database 
Starting pve cluster filesystem : pve-cluster. 
Starting cluster: 
Checking if cluster has been disabled at boot... [ OK ] 
Checking Network Manager... [ OK ] 
Global setup... [ OK ] 
Loading kernel modules... [ OK ] 
Mounting configfs... [ OK ] 
Starting cman... [ OK ] 
Waiting for quorum... [ OK ] 
Starting fenced... [ OK ] 
Starting dlm_controld... [ OK ] 
Tuning DLM kernel config... [ OK ] 
Unfencing self... [ OK ] 
waiting for quorum...OK 
generating node certificates 
Signature ok 
subject=/OU=PVE Cluster Node/O=Proxmox Virtual Environment/CN=kvm11.odiso.net 
Getting CA Private Key 
CA certificate and CA private key do not match 
139920144135848:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:330: 
unable to generate pve ssl certificate: 
command 'openssl x509 -req -in /tmp/pvecertreq-9666.tmp -days 3650 -out /etc/pve/nodes/kvm11/pve-ssl.pem -CAkey /etc/pve/priv/pve-root-ca.key -CA /etc/pve/pve-root-ca.pem -CAserial /etc/pve/priv/pve-root-ca.srl -extfile /tmp/pvesslconf-9666.tmp' failed: exit code 1 



The result is a empty /etc/pve/local/pve-ssl.pem.

I have simply copied the /etc/pve/local/pve-ssl.pem and pve-ssl.key from other previous nodes, and It's working.