[Box Backup] Signing Server Certificate Fails.
ken
boxbackup@fluffy.co.uk
Wed, 27 Oct 2004 15:52:21 -0400 (EDT)
Hi Martin,
Your right - the CA will likely always be on the Internet. I know I used
to run a CA service for banks, etc. (but behind 3 different firewalls and
some vpn'd).
Once I get this all installed I will share my installation instructions
for FC2 specifically.
Cheers!
Ken
> On Wed, 2004-10-27 at 20:02, ken wrote:
>> Hi Martin,
>>
>> That didn't work. I did create user box before I installed the rpm
>> since
>> the first time it said no user box using root.
>>
>> Ideas on the spec file?
>
> Ken,
>
> I saw your other posts, glad it is working. The user was the only error;
> it's a one off creation thing and the RPM should all be fine from now
> on.
>
> Ben is right that following the instructions EXACTLY works, but even for
> a seasoned unix user I found them rather lengthy and complicated! I've
> tried to take away a little of the complexity with the RPM, but I'd
> still like to make it do more. I originally had it creating the config
> files but it had various problems so I removed that.
>
> As to the plan about keeping the CA on a machine not connected to the
> internet - well the only one I've got is my Psion, and even that's been
> connected on occasion! I suspect in these days of broadband and wireless
> routers very few people have machines not connected. And if an intruder
> hacks root on the client machine then all bets are off anyway. My CA is
> on the server in a 600-root only directory (/etc/box/ca in fact, just
> like yours).
>
> Cheers,
>
> Martin.
>
> _______________________________________________
> boxbackup mailing list
> boxbackup@fluffy.co.uk
> http://lists.warhead.org.uk/mailman/listinfo/boxbackup
>
--
Ken Gregoire
Gordian Data Inc.
www.gordiandata.com
ken@gordiandata.net