[Box Backup] Signing Server Certificate Fails.

Ben Summers boxbackup@fluffy.co.uk
Wed, 27 Oct 2004 16:45:39 +0100


On 27 Oct 2004, at 16:37, ken wrote:

> Hi,
>
> I have installed boxbackup on Fedora Core 2 by first making the rpms 
> and
> then installing the new rpms.
>
> I have run the scripts to create the config files, generated the
> certificate and get a failure when trying to sign the server 
> certificate.
>
> Here is what I have done:
> cd /etc/box/ (directory above the /ca)
> /usr/bin/bbstored-certs ca sign-server mybizguard.com-key.pem  (the 
> cert
> is here /etc/box/bbstored/mybizguard.com-key.pem)
>
> Error is:
> mybizguard.com-key.pem does not exist at /usr/bin/bbstored-certs line 
> 270.
>
> It seems it cannot find the certificate in the appropriate directory.
> Question would be where do I run this from?

I would expect you to keep the ca directory well away from anywhere 
which might be publicly accessible. This is essentially the keys to 
your server, with a copy anyone can read any account on the server (and 
mark stuff to be deleted). Although of course they won't be able to 
decrypt the contents.

Anyway, in your example, you would use

   /usr/bin/bbstored-certs ca sign-server bbstored/mybizguard.com-key.pem

because the filename you provide is a filename relative to the current 
directory. The script will then tell you which files you need to 
install on the server in the /etc/box/bbstored/ directory, so you would 
then copy them as instructed.

Hope this helps.

Ben