[hobbit] Todays snapshot 20080406
Buchan Milne
bgmilne at staff.telkomsa.net
Mon Apr 7 09:54:22 CEST 2008
On Monday 07 April 2008 07:31:57 Henrik Stoerner wrote:
> On Sun, Apr 06, 2008 at 11:39:15AM +0200, Lars Ebeling wrote:
> > 2008-04-06 11:17:41 hobbitlaunch starting
> > 2008-04-06 11:17:41 Loading tasklist configuration from
> > /home/hobbit/server/etc/ hobbitlaunch.cfg
> > 2008-04-06 11:17:41 Loading hostnames
> > 2008-04-06 11:17:41 Loading saved state
> > 2008-04-06 11:17:42 Setting up network listener on 0.0.0.0:1984
> > 2008-04-06 11:17:42 Setting up local listener
> > 2008-04-06 11:17:43 Cannot load SSL certificate
> > 18193:error:02001002:system library:fopen:No such file or
> > directory:bss_file.c:3
> > 49:fopen('/home/hobbit/server/etc/hobbitserver.cert','r')
>
> Yep, working on adding support for SSL-encrypted connections to
> the Hobbit server. Server-side is done, client-side needs some
> re-writing of a module.
>
> There's a decent tutorial on creating your own SSL certificates
> at http://www.akadia.com/services/ssh_test_certificate.html
Note that this says nothing about certificate validation. Will requiring
certificate validation be possible with Hobbit (both client and server-side)?
> Although You obviously cannot use it until I get the client-side
> code finished.
I'll note that on larger deployments, it may be better to generate an internal
CA certificate. We use OpenCA (although OpenXPKI is worth a look) for
certificates for OpenVPN, Cisco VPN routers and clients, our LDAP servers,
our audited shell server and clients etc. It supports enrolment via SCEP
(Cisco routers, Cisco VPN client, autosscep or sscep for generic Unix
machines).
Regards,
Buchan
More information about the Xymon
mailing list