[Box Backup] Certificate for Windows
Ben Summers
boxbackup@fluffy.co.uk
Fri, 5 Nov 2004 09:15:46 +0000
On 4 Nov 2004, at 23:06, ken wrote:
> I am trying to create certificates for Windows clients and sign them
> with
> boxbackups CA.
>
> Here is what I do:
>
> Create an account:
> /usr/bin/bbstoreaccounts create 1234 0 4096M 4505M
>
> Generating private key:
> openssl genrsa -out /etc/box/bbackupd/1234-key.pem 2048
>
> Generate certificate request (is there a boxbackup config file I should
> use?):
No, you should use the defaults.
> openssl req -new -key /etc/box/bbackupd/1234-key.pem -sha1 -out
> /etc/box/bbackupd/1234-csr.pem
What did you enter for all the data it requested?
>
> Generate keys for file backup:
> openssl rand -out /etc/box/bbackupd/1234-FileEncKeys.raw 1024
>
> Sign certs:
> cd /etc/box
> /usr/bin/bbstored-certs ca sign bbackupd/1234-csr.pem
>
> And get this error:
> No subject found in CSR bbackupd/1234-csr.pem at
> /usr/bin/bbstored-certs
> line 336.
I suspect that you didn't put the correct stuff into the CSR. The
common name needs to be BACKUP-1234 in this example -- remember that
this certificate authenticates the client to the server, so it has to
include the account number somewhere!
Ben