I am attempting to configure ssl in Nginx for the first time.

I am getting the following error from

    cap deploy

Error:

    [err :: 209.166.65.132] 15643:error:0200100D:system library:fopen:Permission denied:bss_file.c:126:fopen('/usr/lib/ssl/openssl.cnf','rb')

I have the following in my deploy.rb:

    set :user,            "deployer"
    set :group,           "staff"
    set :use_sudo,        false



/usr/lib/ssl/openssl.cnf is a symlink to /etc/ssl/openssl.cnf. Group 'staff', which 'deployer' is a member of, has read permission for /etc/ssl/openssl.cnf, and the symlink is root/root for user and group, with 777 permissions, which is normal.

However, I am unable to do a : less /etc/ssl/openss.cnf

when I am logged in as deployer.

So perhaps I do not have a good grasp of the permission system. I realize that /etc and /etc/ssl are owned by root, but I thought that if staff is the group for /etc/ssl/openssl.cnf, deployer belongs to staff, and the group permission for /etc/ssl/openssl.cnf is read, I should be able to read that file?

Testing path:

    sudo openssl verify -CApath /etc/ssl/certs server.pem
    Error opening certificate file server.pem

***FAILED***

Testing Connection:

    sudo openssl s_client -connect aceleathergoods.net:443 -CApath /etc/ssl/
    CONNECTED(00000003)
    depth=1 /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
    verify return:1
    depth=0 /CN=aceleathergoods.net
    verify return:1
    ---
    Certificate chain
     0 s:/CN=aceleathergoods.net
       i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
     1 s:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
       i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
     2 s:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
       i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
    ---
    -----(truncated results)

    o client certificate CA names sent
    ---
    SSL handshake has read 5755 bytes and written 319 bytes

    ....(truncated results)

        Start Time: 1346278528
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    read:errno=0

End Result: Success connecting (at least the rest of the report did not seem to indicate any errors).

So if someone could straighten me out on where I am going wrong on
permissions I would really appreciate it.
Permissions are the default on my Debian Squeeze installation.

Thanks!

   Jet
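
An added example, not part of the original message: a check that walks every directory on the way to a file and reports, from the classic mode bits, whether a given uid and group set has search permission on each directory and read permission on the file itself. The names `allowed` and `walk` are made up for this example, and ACLs, capabilities and MAC policies are assumed to be absent.

```python
import os
import stat
import sys

# Mode-bit masks per permission class; "r" = read, "x" = search/execute.
BITS = {
    "owner": {"r": stat.S_IRUSR, "x": stat.S_IXUSR},
    "group": {"r": stat.S_IRGRP, "x": stat.S_IXGRP},
    "other": {"r": stat.S_IROTH, "x": stat.S_IXOTH},
}

def allowed(st, uid, gids, want):
    """Classic mode-bit check only: ACLs, capabilities and MAC are ignored."""
    if uid == 0:
        return True  # root bypasses read and directory-search checks
    # Exactly one class applies; an owner is never judged by the group bits.
    if st.st_uid == uid:
        cls = "owner"
    elif st.st_gid in gids:
        cls = "group"
    else:
        cls = "other"
    return bool(st.st_mode & BITS[cls][want])

def walk(path, uid, gids):
    """Return [(component, needed, ok)] for each step from / to path."""
    target = os.path.realpath(path)  # check the symlink's target, not the link
    steps = [target]
    while os.path.dirname(steps[0]) != steps[0]:
        steps.insert(0, os.path.dirname(steps[0]))
    results = []
    for step in steps:
        # Directories on the way need search (x); the final item needs read.
        want = "r" if step == target else "x"
        try:
            st = os.stat(step)
        except OSError:
            results.append((step, want, False))  # missing or blocked earlier
            break
        results.append((step, want, allowed(st, uid, gids, want)))
    return results

if __name__ == "__main__":
    # Path from the post by default; run as the account being diagnosed.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssl/openssl.cnf"
    me, groups = os.geteuid(), set(os.getgroups()) | {os.getegid()}
    for step, want, ok in walk(path, me, groups):
        print(f"{'ok    ' if ok else 'DENIED'} {want} {step}")
```
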



