On Monday 07 April 2008 07:31:57 Henrik Stoerner wrote:
On Sun, Apr 06, 2008 at 11:39:15AM +0200, Lars Ebeling wrote:
2008-04-06 11:17:41 hobbitlaunch starting
2008-04-06 11:17:41 Loading tasklist configuration from
/home/hobbit/server/etc/ hobbitlaunch.cfg
2008-04-06 11:17:41 Loading hostnames
2008-04-06 11:17:41 Loading saved state
2008-04-06 11:17:42 Setting up network listener on 0.0.0.0:1984
2008-04-06 11:17:42 Setting up local listener
2008-04-06 11:17:43 Cannot load SSL certificate
18193:error:02001002:system library:fopen:No such file or
directory:bss_file.c:3
49:fopen('/home/hobbit/server/etc/hobbitserver.cert','r')
Yep, working on adding support for SSL-encrypted connections to
the Hobbit server. Server-side is done, client-side needs some
re-writing of a module.
There's a decent tutorial on creating your own SSL certificates
at http://www.akadia.com/services/ssh_test_certificate.html
Note that this says nothing about certificate validation. Will requiring
certificate validation be possible with Hobbit (both client and server-side)?
Although You obviously cannot use it until I get the client-side
code finished.
I'll note that on larger deployments, it may be better to generate an internal
CA certificate. We use OpenCA (although OpenXPKI is worth a look) for
certificates for OpenVPN, Cisco VPN routers and clients, our LDAP servers,
our audited shell server and clients etc. It supports enrolment via SCEP
(Cisco routers, Cisco VPN client, autosscep or sscep for generic Unix
machines).
Regards,
Buchan