# openssl genrsa -out server-private.pem 1024 # openssl rsa -in server-private.pem -out server-public.pem -outform PEM -pubout MCollective server.cfg
securityprovider = ssl plugin.ssl_server_private = /etc/mcollective/ssl/server-private.pem plugin.ssl_server_public = /etc/mcollective/ssl/server-public.pem plugin.ssl_client_cert_dir = /etc/mcollective/ssl/clients/ plugin.ssl.enforce_ttl = 0Create client certs:
openssl genrsa -out username-private.pem 1024 openssl rsa -in username-private.pem -out username-public.pem -outform PEM -puboutSave them:
/home/username/.mc/username-private.pem /home/username/.mc/username-public.pemDistribute this to all mcollective servers/nodes:
/etc/mcollective/ssl/clients/username-public.pemMCollective client.cfg
securityprovider = ssl plugin.ssl_server_public = /etc/mcollective/ssl/server-public.pem plugin.ssl_client_private = /home/username/.mc/username-private.pem plugin.ssl_client_public = /home/username/.mc/username-public.pem]]>