[Box Backup] Certificate for Windows

Ben Summers boxbackup@fluffy.co.uk
Fri, 5 Nov 2004 09:15:46 +0000


On 4 Nov 2004, at 23:06, ken wrote:

> I am trying to create certificates for Windows clients and sign them 
> with
> boxbackups CA.
>
> Here is what I do:
>
> Create an account:
> /usr/bin/bbstoreaccounts create 1234 0 4096M 4505M
>
> Generating private key:
> openssl genrsa -out /etc/box/bbackupd/1234-key.pem 2048
>
> Generate certificate request (is there a boxbackup config file I should
> use?):

No, you should use the defaults.

> openssl req -new -key /etc/box/bbackupd/1234-key.pem -sha1 -out
> /etc/box/bbackupd/1234-csr.pem

What did you enter for all the data it requested?

>
> Generate keys for file backup:
> openssl rand -out /etc/box/bbackupd/1234-FileEncKeys.raw 1024
>
> Sign certs:
> cd /etc/box
> /usr/bin/bbstored-certs ca sign bbackupd/1234-csr.pem
>
> And get this error:
> No subject found in CSR bbackupd/1234-csr.pem at 
> /usr/bin/bbstored-certs
> line 336.

I suspect that you didn't put the correct stuff into the CSR. The 
common name needs to be BACKUP-1234 in this example -- remember that 
this certificate authenticates the client to the server, so it has to 
include the account number somewhere!

Ben