Hi, [1] says that there is a unknown bug in csync2/gnutls and the way openssl generates certs. a workaround is to leave the common name (CN) in CSR creation empty. [1] http://archives.free.net.ph/message/20080811.081952.de6b9f3e.ja.html Works for me. HTH Sascha.