[Box Backup] Question about certificates
Baltasar Cevc
boxbackup@fluffy.co.uk
Tue, 31 Jul 2007 15:15:40 +0200
On Tue, 31 Jul 2007 10:50:14 +0100
Nuno Fernandes <npf-mlists@eurotux.com> wrote:
> Hi,
>
> I have a question about managing certificates. We have a company CA
> and we've created a sub-ca just for boxbackup.
>
> How can we use it in bbstored-certs script?
I assume that it should be enough to replace the files in the
CA directory by your CAs (see below about the CAs), I'm not
sure though.
> Apparently
> bbstored-certs /etc/box/bbstored/certs init
> creates 2 root CAs (one for clients and the other for servers). Why
> does it create 2 CAs?
One is for validating servers, the other for validating clients.
I think servers are just accepted as valid if they present a
valid certificate signed by the server CA.
For clients, the CN must match - I think it must be
BACKUP-<account number> (without zeros at the beginning), the
certificate being signed by the client CA.
Hope that helps,
Baltasar
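
The client-side check described in the reply above, as an added example that is not part of the original message and not Box Backup's own scripts: it builds two throwaway CAs with openssl and accepts a certificate only if it chains to the client CA and its CN is BACKUP-<account number>. The function names and the account number 1a2b are constructed for illustration, and the CN rule is taken from the reply as an assumption.

```shell
#!/bin/sh
# Added example; the CAs and certificates are constructed test data.
# Assumed from the reply: client CN is BACKUP-<account number>, no leading zeros.

make_ca() {   # make_ca DIR NAME: self-signed test CA (DIR/NAME.pem, DIR/NAME.key)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue() {     # issue DIR CA_NAME CN OUT: certificate for CN signed by CA_NAME
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$4" 2>/dev/null
}

# check_client_cert CERT CLIENT_CA ACCOUNT
# Succeeds only if CERT chains to CLIENT_CA and its CN is BACKUP-ACCOUNT.
check_client_cert() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$' || return 1
    cn=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
         sed -n 's/^subject= *CN=\([^,]*\).*/\1/p')
    [ "$cn" = "BACKUP-$3" ]
}

verdict() { if check_client_cert "$@"; then echo accepted; else echo rejected; fi; }

demo() {      # prints one verdict per test certificate for account 1a2b
    d=$(mktemp -d) || return 2
    make_ca "$d" clientCA && make_ca "$d" serverCA &&
    issue "$d" clientCA BACKUP-1a2b   "$d/good.pem" &&
    issue "$d" serverCA BACKUP-1a2b   "$d/wrongca.pem" &&
    issue "$d" clientCA BACKUP-001a2b "$d/badcn.pem" || { rm -rf "$d"; return 2; }
    echo "good=$(verdict "$d/good.pem" "$d/clientCA.pem" 1a2b)" \
         "wrongca=$(verdict "$d/wrongca.pem" "$d/clientCA.pem" 1a2b)" \
         "badcn=$(verdict "$d/badcn.pem" "$d/clientCA.pem" 1a2b)"
    rm -rf "$d"
}

demo
```

The same check_client_cert call can be pointed at a certificate issued by a company sub-CA to confirm it chains to the file installed as the client CA.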