I tried reproducing the scenario with generated certificates.
- I presume you have noticed this note “The Common Name value used for the server and client keys and certificates must differ from that value used for the CA certificate.”
- The following command returned OK (without any error): “openssl verify -CAfile ca.pem server-cert.pem client-cert.pem”
- Please enable encryption for replication traffic too. Check the section “Encrypting Replication Traffic”.
- Enable the SST replication as documented in “Encrypting SST Traffic”.

Either of the steps is missing. I could get things working with the said documented steps. We are also working on making the document easier to grasp.
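The two certificate checks mentioned in the post above (Common Names that differ from the CA's, and a clean `openssl verify`) can be run together before the certificates are deployed to a node. This is an added example, not part of the original post or of the project's documentation; the function names `cert_cn` and `check_certs` are hypothetical, and the file names are whatever you pass in.

```shell
#!/bin/sh
# Added example: pre-flight check for a CA / server / client certificate set.
# cert_cn and check_certs are hypothetical helper names, not project tooling.

# Print the subject Common Name of a PEM certificate.
# Limitation: assumes the CN contains no escaped commas.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# check_certs CA.pem CERT.pem...
# Returns 0 only if every certificate has a CN different from the CA's CN
# and chains to the CA. Returns 1 on any failure, 2 if the CA has no CN.
check_certs() {
    ca=$1
    shift
    ca_cn=$(cert_cn "$ca")
    if [ -z "$ca_cn" ]; then
        echo "cannot read a CN from $ca" >&2
        return 2
    fi
    rc=0
    for cert in "$@"; do
        cn=$(cert_cn "$cert")
        if [ "$cn" = "$ca_cn" ]; then
            echo "FAIL $cert: CN '$cn' is the same as the CA CN" >&2
            rc=1
        fi
        if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
            echo "FAIL $cert: does not verify against $ca" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check-certs.sh ca.pem server-cert.pem client-cert.pem
if [ "$#" -gt 1 ]; then
    check_certs "$@"
fi
```

A zero exit status only confirms the certificate files themselves; it does not show that replication or SST encryption is enabled in the server configuration.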