[hobbit] Todays snapshot 20080406
Henrik Stoerner
henrik at hswn.dk
Mon Apr 7 10:37:33 CEST 2008
On Mon, Apr 07, 2008 at 09:54:22AM +0200, Buchan Milne wrote:
> On Monday 07 April 2008 07:31:57 Henrik Stoerner wrote:
> > > 49:fopen('/home/hobbit/server/etc/hobbitserver.cert','r')
> >
> > Yep, working on adding support for SSL-encrypted connections to
> > the Hobbit server. Server-side is done, client-side needs some
> > re-writing of a module.
> >
> Note that this says nothing about certificate validation. Will requiring
> certificate validation be possible with Hobbit (both client and server-side)?

Not implemented yet - I want the basic stuff working first. But yes,
you will be able to require clients to provide a valid client
certificate, and clients to require a valid certificate from the
Hobbit server.

> > There's a decent tutorial on creating your own SSL certificates
> > at http://www.akadia.com/services/ssh_test_certificate.html
>
> I'll note that on larger deployments, it may be better to generate an internal
> CA certificate. We use OpenCA (although OpenXPKI is worth a look) for
> certificates for OpenVPN, Cisco VPN routers and clients, our LDAP servers,
> our audited shell server and clients etc. It supports enrolment via SCEP
> (Cisco routers, Cisco VPN client, autosscep or sscep for generic Unix
> machines).

You can use whatever suits you best for generating the certificates.
OpenCA is nice - I've only used it with OpenVPN, but it seems OK.
Doing it with a couple of shell scripts is also possible once you
get the hang of it.

Regards,
Henrik
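
Added example, not part of the original message and not Hobbit project code: the internal-CA approach discussed in this thread, written as a few shell functions around the openssl command line. It issues one server and one client certificate and checks each against the CA and its intended purpose, the way a peer that requires a valid certificate would. The CNs and file names are constructed, and nothing here reflects how Hobbit itself will load or validate certificates.

```shell
#!/bin/sh
# Added example: minimal internal CA; all CNs and file names are constructed.
umask 077  # keys are written unencrypted (-nodes), so keep them owner-only

# make_ca DIR: create a self-signed CA key and certificate in DIR.
make_ca() {
    mkdir -p "$1" || return 1
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 365 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR NAME CN USAGE: new key and CSR, signed by the CA in DIR.
# USAGE is serverAuth (server side) or clientAuth (client side).
issue_cert() {
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$4" > "$1/$2.ext"
    openssl req -new -config "$1/ca.cnf" -subj "/CN=$3" -newkey rsa:2048 \
        -nodes -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 90 -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

# check_cert DIR NAME PURPOSE: succeed only if NAME.crt chains to the CA in
# DIR and is valid for PURPOSE (sslserver or sslclient).
check_cert() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" 2>/dev/null |
        grep -q ': OK$'
}

# Demo: one CA, one server certificate, one client certificate.
demo=$(mktemp -d)
make_ca "$demo" &&
issue_cert "$demo" server hobbit.example.com serverAuth &&
issue_cert "$demo" client client1.example.com clientAuth &&
check_cert "$demo" server sslserver && echo "server certificate: valid"
check_cert "$demo" client sslclient && echo "client certificate: valid"
check_cert "$demo" client sslserver || echo "client cert rejected as server cert"
rm -rf "$demo"
```

Only `ca.crt` needs to be distributed to the peers that validate; `ca.key` stays on the machine that signs.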