Issues configuring Standby's in HA Cluster

We are experiencing the following issue when trying to configure standby while using the enterprise CA certificate for HA cluster, while using the self-signed certificate we are not having this issue. We have validated the certificate settings and it has the correct CN, SANs as recommended in CyberArk documentation

Error message below
"pg_basebackup -D /var/lib/postgresql/9.4/main -d host=\ port=5432\ user= application_name=standby_\ sslmode=verify-ca\ sslrootcert=/opt/conjur/etc/ssl/ca.pem\ sslcert=/opt/conjur/etc/ssl/conjur.pem --xlog-method=stream --verbose --progress

pg_basebackup: could not connect to server: received invalid response to SSL negotiation: H"

Any suggestions on correcting this would help

Hello @sjohnkennedy -

For this sort of problem, since we’ll need to dig into the specifics of your configuration it’s probably best to open a SalesForce case. I took a look and it appears you may have already done so - so I hope you’ll have the support you need soon (if you haven’t already).

This is likely caused by Followers or Standbys configured with stale or invalid certificates.

When you imported the enterprise CA certificates, did you redeploy the followers? If not, the follower will have the original, self-signed certificate (which has now been replaced with the third party certificate imported into the master).

@izgerij I was able to get necessary assistance from Support. Thank you for your response!

1 Like