[Box Backup] Question about certificates

Nuno Fernandes boxbackup@fluffy.co.uk
Wed, 1 Aug 2007 11:26:51 +0100


Hi,

On Tuesday 31 July 2007 14:15:40 Baltasar Cevc wrote:
> On Tue, 31 Jul 2007 10:50:14 +0100
>
> Nuno Fernandes <npf-mlists@eurotux.com> wrote:
> > Hi,
> >
> > I have a question about managing certificates. We have a company CA
> > and we've created a sub-ca just for boxbackup.
> >
> > How can we use it in bbstored-certs script?
>
> I assume that it should be enough to replace the files in the
> CA directory by your CAs (see below about the CAs), I'm not
> sure though.
>
> > Aparently
> > bbstored-certs /etc/box/bbstored/certs init
> > creates 2 root CAs (one for clients and the other for servers). Why
> > does it create 2 CAs?
>
> One is for validating servers, the other for validating clients.
> I think servers are just accepted as valid if they present a
> valid certificate signed by the server CA.
> For clients, the CN must match - I think it must
> BACKUP-<account number> (without zeros at the beginning), the
> certificate being signed by the client CA.
Can't i use the same CA to validate servers and clients?


Thanks
Nuno Fernandes

>
> Hope that helps,
> Baltasar
> _______________________________________________
> boxbackup mailing list
> boxbackup@fluffy.co.uk
> http://lists.warhead.org.uk/mailman/listinfo/boxbackup