[Box Backup] Signing Server Certificate Fails.

ken boxbackup@fluffy.co.uk
Wed, 27 Oct 2004 14:22:34 -0400 (EDT)


Okay certificates created and signed.

But the server doesn't start:
service bbstored start
service bbstored status
bbstored dead but pid file exists

Questions:

What port does boxbackup listen on?

The certificates are only for boxbackup - correct?  And the access
location is defined in bbstored.conf?

Again thanks in advance - especially for the quick response.

(hope I don't sound confused - but I might be)

Cheers!
Ken

>
> On 27 Oct 2004, at 17:02, ken wrote:
>>
>>>
>>> On 27 Oct 2004, at 16:37, ken wrote:
>>>
>>>> Hi,
>>>>
>>>> I have installed boxbackup on Fedora Core 2 by first making the rpms
>>>> and
>>>> then installing the new rpms.
>>>>
>>>> I have run the scripts to create the config files, generated the
>>>> certificate and get a failure when trying to sign the server
>>>> certificate.
>>>>
>>>> Here is what I have done:
>>>> cd /etc/box/ (directory above the /ca)
>>>> /usr/bin/bbstored-certs ca sign-server mybizguard.com-key.pem  (the
>>>> cert
>>>> is here /etc/box/bbstored/mybizguard.com-key.pem)
>>>>
>>>> Error is:
>>>> mybizguard.com-key.pem does not exist at /usr/bin/bbstored-certs line
>>>> 270.
>>>>
>>>> It seems it cannot find the certificate in the appropriate directory.
>>>> Question would be where do I run this from?
>>>
>>> I would expect you to keep the ca directory well away from anywhere
>>> which might be publicly accessible. This is essentially the keys to
>>> your server, with a copy anyone can read any account on the server
>>> (and
>>> mark stuff to be deleted). Although of course they won't be able to
>>> decrypt the contents.
>>>
>>> Anyway, in your example, you would use
>>>
>>>    /usr/bin/bbstored-certs ca sign-server
>>> bbstored/mybizguard.com-key.pem
>>>
>>> because the filename you provide is a filename relative to the current
>>> directory. The script will then tell you which files you need to
>>> install on the server in the /etc/box/bbstored/ directory, so you
>>> would
>>> then copy them as instructed.
>>>
>>> Hope this helps.
>
>> That got me further now get this error:
>> unable to load X509 request
>> 5644:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:pem_lib.c:632:Expecting: CERTIFICATE REQUEST
>> No subject found in CSR bbstored/mybizguard.com-key.pem at
>> /usr/bin/bbstored-certs line 336.
>
>
> Sorry, I didn't notice that you're trying to sign using the key itself,
> not the certificate request file. It should be
>
>    /usr/bin/bbstored-certs ca sign-server bbstored/mybizguard.com-csr.pem
>
> (note -csr not -key)
>
> That should work... :-)
>
> Make sure you read the output from the configuration scripts carefully.
> They tell you exactly what you need to do, and if you follow those
> instructions (along with the instructions on the web site) you will get
> a working system.
>
> Ben
>
> _______________________________________________
> boxbackup mailing list
> boxbackup@fluffy.co.uk
> http://lists.warhead.org.uk/mailman/listinfo/boxbackup
>


-- 
Ken Gregoire
Gordian Data Inc.
www.gordiandata.com
ken@gordiandata.net