
Re: [hobbit] Todays snapshot 20080406



On Monday 07 April 2008 07:31:57 Henrik Stoerner wrote:
> On Sun, Apr 06, 2008 at 11:39:15AM +0200, Lars Ebeling wrote:
> > 2008-04-06 11:17:41 hobbitlaunch starting
> > 2008-04-06 11:17:41 Loading tasklist configuration from /home/hobbit/server/etc/hobbitlaunch.cfg
> > 2008-04-06 11:17:41 Loading hostnames
> > 2008-04-06 11:17:41 Loading saved state
> > 2008-04-06 11:17:42 Setting up network listener on 0.0.0.0:1984
> > 2008-04-06 11:17:42 Setting up local listener
> > 2008-04-06 11:17:43 Cannot load SSL certificate
> > 18193:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('/home/hobbit/server/etc/hobbitserver.cert','r')
>
> Yep, working on adding support for SSL-encrypted connections to
> the Hobbit server. Server-side is done, client-side needs some
> re-writing of a module.
>
> There's a decent tutorial on creating your own SSL certificates
> at http://www.akadia.com/services/ssh_test_certificate.html

Note that this says nothing about certificate validation. Will requiring 
certificate validation be possible with Hobbit (both client and server-side)?

> Although you obviously cannot use it until I get the client-side
> code finished.

I'll note that on larger deployments, it may be better to generate an internal 
CA certificate. We use OpenCA (although OpenXPKI is worth a look) for 
certificates for OpenVPN, Cisco VPN routers and clients, our LDAP servers, 
our audited shell server and clients etc. It supports enrolment via SCEP 
(Cisco routers, Cisco VPN client, autosscep or sscep for generic Unix 
machines).

Regards,
Buchan
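
The difference between a self-signed test certificate and one issued by an internal CA, as discussed in the message above, shown as an added example (not part of the original e-mail and not Hobbit code). It assumes the `openssl` command-line tool stands in for a CA product such as OpenCA; every subject name and file name is a constructed placeholder.

```shell
#!/bin/sh
# Constructed demo: all subject names and file names below are placeholders.

# Build a throwaway PKI in directory $1: an internal CA, a server
# certificate signed by that CA, and an unrelated self-signed certificate.
make_demo_pki() {
    dir=$1
    # Internal CA: private key plus self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Internal CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=hobbit.example.internal" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # The CA signs the request; this is the step a CA product automates.
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || return 1
    # Self-signed certificate with the same subject, as a test-certificate
    # tutorial would produce.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=hobbit.example.internal" \
        -keyout "$dir/selfsigned.key" -out "$dir/selfsigned.crt" 2>/dev/null || return 1
}

# Exit status 0 only if certificate $2 chains to the trust anchor $1.
cert_validates() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    for cert in server.crt selfsigned.crt; do
        if cert_validates "$tmp/ca.crt" "$tmp/$cert"; then
            echo "$cert: accepted by a peer that trusts only the internal CA"
        else
            echo "$cert: rejected by a peer that trusts only the internal CA"
        fi
    done
    rm -rf "$tmp"
}

demo
```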