Issues configuring Standby's in HA Cluster

sjohnkennedy · May 13, 2020, 2:31pm

We are experiencing the following issue when trying to configure standby while using the enterprise CA certificate for HA cluster, while using the self-signed certificate we are not having this issue. We have validated the certificate settings and it has the correct CN, SANs as recommended in CyberArk documentation

Error message below
"pg_basebackup -D /var/lib/postgresql/9.4/main -d host=\ port=5432\ user= application_name=standby_\ sslmode=verify-ca\ sslrootcert=/opt/conjur/etc/ssl/ca.pem\ sslcert=/opt/conjur/etc/ssl/conjur.pem --xlog-method=stream --verbose --progress

pg_basebackup: could not connect to server: received invalid response to SSL negotiation: H"

Any suggestions on correcting this would help

izgerij · May 14, 2020, 9:29pm

Hello @sjohnkennedy -

For this sort of problem, since we’ll need to dig into the specifics of your configuration it’s probably best to open a SalesForce case. I took a look and it appears you may have already done so - so I hope you’ll have the support you need soon (if you haven’t already).

jason.vanderhoof · May 14, 2020, 9:32pm

This is likely caused by Followers or Standbys configured with stale or invalid certificates.

When you imported the enterprise CA certificates, did you redeploy the followers? If not, the follower will have the original, self-signed certificate (which has now been replaced with the third party certificate imported into the master).

sjohnkennedy · May 14, 2020, 11:39pm

@izgerij I was able to get necessary assistance from Support. Thank you for your response!