'Invalid SSL certificate' when adding cluster nameserver

1 post / 0 new
#1 Wed, 06/22/2016 - 03:06
essdeeay

'Invalid SSL certificate' when adding cluster nameserver

I receive the following error when I try to add my secondary nameserver to the cluster (as per documentation):

Adding relay2.virtality.co.uk .. Failed to connect to relay2.virtality.co.uk : Invalid SSL certificate : Certificate is signed by an unknown CA : /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3 (code 27)

On the secondary nameserver itself, I've configured the certificates in 'Webmin-->Webmin Configuration-->SSL Encryption' and running an SSL test to port 10000 from https://www.digicert.com/help/ shows that both the certificate itself and the chain certificate are absolutely fine.

On the primary nameserver, I've added the secondary in 'Webmin-->Webmin Servers Index' using the hostname as listed above, port 10000 (which is default), with 'SSL Server option: Yes' and 'Check SSL Certificate - enabled'. Then, when adding the secondary to the Cluster Slave Servers in Bind, I get the above error.

I don't know the mechanism that Bind/Webmin uses when adding the server, so I don't really know where to start troubleshooting.

Many thanks, Steve