21 Kvě
2012
21 Kvě
'12
18:32
Mario,
Have you tweaked epp file in apache by adding the new CA and the server
cert and key?
What I normally do is I use tinyca on a separate machine...
I create a CA,create server cert and key and finally the client cert and key.
Once done I ship them to the server I want then does a small change on the
epp file in apache to reflect the ca and server cert/key
Then I use client certs and key for fred-client.
I have never tried to use the same server cert and key for the fred-client.
Bryton.
I have done this, according to
http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your
own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new
CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in
/usr/share/fred-client/ssl directory, and the fred-client configuration
file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?.
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
_______________________________________________
fred-users mailing list
fred-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/fred-users