[Box Backup] Question about certificates

Baltasar Cevc boxbackup@fluffy.co.uk
Tue, 31 Jul 2007 15:15:40 +0200


On Tue, 31 Jul 2007 10:50:14 +0100
Nuno Fernandes <npf-mlists@eurotux.com> wrote:

> Hi,
> 
> I have a question about managing certificates. We have a company CA
> and we've created a sub-ca just for boxbackup.
> 
> How can we use it in bbstored-certs script?
I assume that it should be enough to replace the files in the
CA directory by your CAs (see below about the CAs), I'm not
sure though.

> Apparently
> bbstored-certs /etc/box/bbstored/certs init
> creates 2 root CAs (one for clients and the other for servers). Why
> does it create 2 CAs?
One is for validating servers, the other for validating clients.
I think servers are just accepted as valid if they present a 
valid certificate signed by the server CA.
For clients, the CN must match - I think it must be
BACKUP-<account number> (without zeros at the beginning), the
certificate being signed by the client CA.

Hope that helps,
Baltasar
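
The two-CA model described in the reply, as an added example that is not part of the original message and is not Box Backup's own code: a client certificate is accepted only if it chains to the client CA and its CN is BACKUP-<account number>. The CA names, the account number 1234 and the helper functions are constructed for illustration, and the CN rule is taken from the reply as an assumption.

```shell
#!/bin/sh
# Added example: throwaway CAs and certificate, all names are constructed.
set -eu

# Create a self-signed CA named $2 in directory $1 (files: $2.key, $2.pem).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a certificate with common name $3, signed by CA $2, as $1/$3.pem.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" >/dev/null 2>&1
}

# Print ok, bad-issuer or cn-mismatch for certificate $1, CA file $2,
# account number $3 (assumed rule from the reply: CN = BACKUP-<account>).
check_client_cert() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || { echo bad-issuer; return 0; }
  cn=$(openssl x509 -in "$1" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= *//p')
  if [ "$cn" = "BACKUP-$3" ]; then echo ok; else echo cn-mismatch; fi
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" clientCA
  make_ca "$d" serverCA
  issue_cert "$d" clientCA BACKUP-1234
  check_client_cert "$d/BACKUP-1234.pem" "$d/clientCA.pem" 1234   # ok
  check_client_cert "$d/BACKUP-1234.pem" "$d/clientCA.pem" 1235   # cn-mismatch
  check_client_cert "$d/BACKUP-1234.pem" "$d/serverCA.pem" 1234   # bad-issuer
  rm -rf "$d"
}
demo
```

Keeping the client and server CAs separate is what makes the third check fail: a certificate issued for one role does not validate in the other.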