The only way I could get it to work was by using the same SSL certs on all hosts, which seems like it would be really bad in some scenarios.
I tried creating the cert with gnutls instead of openssl, same problem.
signature.asc
Description: OpenPGP digital signature
