[Box Backup] Certificate question

Justin H Haynes boxbackup@fluffy.co.uk
Wed, 27 Oct 2004 03:00:34 -0500 

I hope to accurately outline my ignorance by giving enough information.  
I am having a problem getting my certificate signed.   I don't know 
which piece I don't understand.

I had to install a the newest version of openssl on a friend's server to 
set it up as a boxbackup client.  after changing the path so it would 
the correct openssl in /usr/local/ssl/bin and changing the 
/usr/local/ssl/openssl.cnf file to reflect the right location, name, 
email address etc, I ran this:

/usr/local/bin/bbackupd-config /usr/local/etc/box lazy 0 
sigil.mechanus.org /usr/local/var/bbackupd /home

Things went well:

2) Send /usr/local/etc/box/bbackupd/0-csr.pem
   to the administrator of the backup server, and ask for it to
   be signed.

OK, fine, thats me.  So I took that and pasted it into the new server 
certificate text box at CACert to request a certificate:


-----BEGIN CERTIFICATE REQUEST-----
MIICWDCCAUACAQAwEzERMA8GA1UEAxMIQkFDS1VQLTAwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDDimxS9XUWNC4RgVnjijGItX8y2eu3ZS0pZVkdd738
Egv+7mLlhNN41TlaFIzwqMLV4WJZWXqwSX1iF2Ef+EgHzdSl4ifxIQ9ipR3e4mv9
5ao+FJ74kasgD0/8uqcF6XhL4tJB019yM2DacT1kybG5w90KG5FrH7JTamZJYxtQ
UM+UNEDh4yYu47lDz0D52QGKpAIDBaVREhY/8qx66EhtY/Tf9IWhmsZtgcFwK+pS
TKcW9GbslemenyQJ7n8NMfCdH5TFtQRlN/EoQOXXqJoLvqqqzQIduL+3VayVGNWL
Y8UUfv9odDPvrZ3qG+wPi08GU4NmXVcAXv9sMJA1wdoVAgMBAAGgADANBgkqhkiG
9w0BAQUFAAOCAQEAad+LPrimCEofSuOM83GDEkQNs+K5AB2kzrtgiZbXGH8ZqsDU
pshryZRxoBetm4LqsgugLc4/vbpnAH9dUdv4RDeHvBCt4AvcwlmKnyMVLuQYRzIA
qB0meuXDLUwROSpdDc4PriGS/KZn+P9es5N2/AB9GzZTiHcfcDiTKb+4uY1OCopF
5jC5lSt2DUE+LiCFzr2V/62iLN2k7MkJBowe02KYklfgDQwUa3HpBdpUJo8olrW+
Ye/CFwHuh8YvKd053WXmW7oyAApAJA36BSsGwInTM8JAMtZppXIEpyupwRjZtZSS
2O/RpB0QS7B3vHyhKY1kJfamg+Eqe1iLWpvTTA==
-----END CERTIFICATE REQUEST-----

I get this:
Unable to match 'BACKUP-0' against any domain validated against your 
account.



without the begin and end banners I get this when I submit:

Make sure the following is correct:

Organisation:
Org. Unit:
Location:
State/Province:
Country:
Email Address:


Well, thats not correct, because this is what openssl says in the 
bbackupd-config output:

"
If you enter '.', the field will be left blank.
-----
US [AU]:Texas [Some-State]:Houston []:Sigil Networks [Internet Widgits 
Pty Ltd]:Organizational Unit Name (eg, section) []:Justin H Haynes 
[]:Justin@Haynes.net []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:
"



Well, I have Justin@Haynes.net verified with cacert.org as well as 
haynesj@mechanus.org.  So, I'm not sure what is going wrong.  I'm 
assuming I need to leave in the banners when pasting that text.  Also, 
I'm assuming cacert is picking up the certificate since it identifies it 
at BACKUP-0.  I dont' understand what it is looking for.  Does it expect 
an email on file to be in the form of username@hostname?  
sigil.mechanus.org is behind NAT and only resolves to a private IP 
address.  should I tell bbackupd-config the hostname is mechanus.org 
since that does resolve via DNS and because I have haynesj@mechanus.org 
and not haynesj@sigil.mechanus.org (see my bbackupd-config command above 
where I used sigil.mechanus.org as the hostname, which is accurate on 
that machine) ?


Thanks!,

Justin