[Box Backup] Signing Server Certificate Fails.
Ben Summers
boxbackup@fluffy.co.uk
Wed, 27 Oct 2004 17:11:06 +0100
On 27 Oct 2004, at 17:02, ken wrote:
>
>>
>> On 27 Oct 2004, at 16:37, ken wrote:
>>
>>> Hi,
>>>
>>> I have installed boxbackup on Fedora Core 2 by first making the rpms
>>> and
>>> then installing the new rpms.
>>>
>>> I have run the scripts to create the config files, generated the
>>> certificate and get a failure when trying to sign the server
>>> certificate.
>>>
>>> Here is what I have done:
>>> cd /etc/box/ (directory above the /ca)
>>> /usr/bin/bbstored-certs ca sign-server mybizguard.com-key.pem (the
>>> cert
>>> is here /etc/box/bbstored/mybizguard.com-key.pem)
>>>
>>> Error is:
>>> mybizguard.com-key.pem does not exist at /usr/bin/bbstored-certs line
>>> 270.
>>>
>>> It seems it cannot find the certificate in the appropriate directory.
>>> Question would be where do I run this from?
>>
>> I would expect you to keep the ca directory well away from anywhere
>> which might be publicly accessible. This is essentially the keys to
>> your server, with a copy anyone can read any account on the server
>> (and
>> mark stuff to be deleted). Although of course they won't be able to
>> decrypt the contents.
>>
>> Anyway, in your example, you would use
>>
>> /usr/bin/bbstored-certs ca sign-server
>> bbstored/mybizguard.com-key.pem
>>
>> because the filename you provide is a filename relative to the current
>> directory. The script will then tell you which files you need to
>> install on the server in the /etc/box/bbstored/ directory, so you
>> would
>> then copy them as instructed.
>>
>> Hope this helps.
> That got me further now get this error:
> unable to load X509 request
> 5644:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:632:Expecting: CERTIFICATE REQUEST
> No subject found in CSR bbstored/mybizguard.com-key.pem at
> /usr/bin/bbstored-certs line 336.
Sorry, I didn't notice that you're trying to sign using the key itself,
not the certificate request file. It should be
/usr/bin/bbstored-certs ca sign-server bbstored/mybizguard.com-csr.pem
(note -csr not -key)
That should work... :-)
Make sure you read the output from the configuration scripts carefully.
They tell you exactly what you need to do, and if you follow those
instructions (along with the instructions on the web site) you will get
a working system.
Ben