At 05:32 PM 4/17/01 +0100, you wrote:
The certificates stuff worked on 1.4.6 but does appear to have been broken. I am in the process of rewriting certifcate handling and simplifying its whole structure (doing away wiht host certs and <root> certs completely). This being the case I would suggest you hang fire on implementing SSL until these new changes are in place. Alternatively, you will have to have a crack at the code yourself - the only area I can think which could have caused the problem is in vsdadm.c, where I implemented a heirarchy for certificates.
Tim
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Druet
Sent: 17 April 2001 13:25
To: [EMAIL PROTECTED]
Subject: SSL Certificates
Did no one read my question ? or is there no answer to this dilema ?
I have re-posted below;
I have compiled the source to include SSL support and am reading the installation notes, and seem to be confused.
Exactly what does this mean ?
"To create your freevsd certificate authority run a short script using the following command
$ /usr/sbin/vsd-genca.pl
Follow the Instructions on the screen and when prompted for information accept the default values."
My first Question is regarding the default values, so do I not put the relevant information in regarding country and so on ? and why not ?
"To create certificates for the hosting server to communicate via SSL run another short script using the following command:
$/usr/sbin/vsd-genhostcert.pl
Follow the instructions on the screen as before. It is important that during the generation of the first certificate the common name is entered as the host server's name and that during the generation of the second certificate (the <root> certificate) the common name is entered as <root>."
This is the most confusing, am I to understand that when I go through the generation of the cert, that I would use calinux2 (the host server) for the first common name entry then when the second cert is being generated I enter <root> in the place of the common name ?
assuming that I am supposed to use <root> typed exactly as that and not interpreted to mean anything other then <root> something is not working for me.
I have gone through process of creating the VS cert by running the vsd-genvscert.pl script,
vsd-genvscert.pl calinux6
I then go through and enter the information
then I do,
vsdadm vs_create calinux2 calinux6 64.59.141.167 calinux6.calinuxsystems.com 3000 2000
I am then presented with an error message similar to the one in the installation instructions,
error:02001002:system library:fopen: No such file or directory: (/usr/local/etc/vsd/client/calinux2/root.key)
I read the manual a little further and learn that this is the result of an inappropriate key generation, but what did I do wrong ? and further to this, with out the key generation complete I cant create VS's ?
Further to the use of pre built skels, I believe that when they were created, either the "-p" switch was not used during the tar process to preserve perms or some other permissions issue is at hand, it seems that many many files and so on have the wrong permissions and as a result render the skels fairly useless.
Regards
Kevin Druet
CIO CA Linux Systems
