[Box Backup] Signing Server Certificate Fails.
Ben Summers
boxbackup@fluffy.co.uk
Wed, 27 Oct 2004 16:45:39 +0100
On 27 Oct 2004, at 16:37, ken wrote:
> Hi,
>
> I have installed boxbackup on Fedora Core 2 by first making the rpms
> and
> then installing the new rpms.
>
> I have run the scripts to create the config files, generated the
> certificate and get a failure when trying to sign the server
> certificate.
>
> Here is what I have done:
> cd /etc/box/ (directory above the /ca)
> /usr/bin/bbstored-certs ca sign-server mybizguard.com-key.pem (the
> cert
> is here /etc/box/bbstored/mybizguard.com-key.pem)
>
> Error is:
> mybizguard.com-key.pem does not exist at /usr/bin/bbstored-certs line
> 270.
>
> It seems it cannot find the certificate in the appropriate directory.
> Question would be where do I run this from?
I would expect you to keep the ca directory well away from anywhere
which might be publicly accessible. This is essentially the keys to
your server, with a copy anyone can read any account on the server (and
mark stuff to be deleted). Although of course they won't be able to
decrypt the contents.
Anyway, in your example, you would use
/usr/bin/bbstored-certs ca sign-server bbstored/mybizguard.com-key.pem
because the filename you provide is a filename relative to the current
directory. The script will then tell you which files you need to
install on the server in the /etc/box/bbstored/ directory, so you would
then copy them as instructed.
Hope this helps.
Ben