Todays snapshot 20080406
list Lars Ebeling
2008-04-06 11:17:41 hobbitlaunch starting
2008-04-06 11:17:41 Loading tasklist configuration from /home/hobbit/server/etc/hobbitlaunch.cfg
2008-04-06 11:17:41 Loading hostnames
2008-04-06 11:17:41 Loading saved state
2008-04-06 11:17:42 Setting up network listener on 0.0.0.0:1984
2008-04-06 11:17:42 Setting up local listener
2008-04-06 11:17:43 Cannot load SSL certificate
18193:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('/home/hobbit/server/etc/hobbitserver.cert','r')
18193:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:351:
18193:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720:
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"I am not young enough to know everything."
-- Oscar Wilde
list Henrik Størner
On Sun, Apr 06, 2008 at 11:39:15AM +0200, Lars Ebeling wrote:
2008-04-06 11:17:41 hobbitlaunch starting
2008-04-06 11:17:41 Loading tasklist configuration from /home/hobbit/server/etc/hobbitlaunch.cfg
2008-04-06 11:17:41 Loading hostnames
2008-04-06 11:17:41 Loading saved state
2008-04-06 11:17:42 Setting up network listener on 0.0.0.0:1984
2008-04-06 11:17:42 Setting up local listener
2008-04-06 11:17:43 Cannot load SSL certificate
18193:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('/home/hobbit/server/etc/hobbitserver.cert','r')
Yep, working on adding support for SSL-encrypted connections to the Hobbit server. Server-side is done, client-side needs some re-writing of a module.
There's a decent tutorial on creating your own SSL certificates at http://www.akadia.com/services/ssh_test_certificate.html
Although you obviously cannot use it until I get the client-side code finished.
Regards,
Henrik
list Lars Ebeling
----- Original Message -----
From: "Henrik Stoerner" <user-ce4a2c883f75@xymon.invalid>
To: <user-ae9b8668bcde@xymon.invalid>
Sent: Monday, April 07, 2008 7:31 AM
Subject: Re: [hobbit] Todays snapshot 20080406
Yep, working on adding support for SSL-encrypted connections to the Hobbit server. Server-side is done, client-side needs some re-writing of a module. There's a decent tutorial on creating your own SSL certificates at http://www.akadia.com/services/ssh_test_certificate.html
I restored yesterday's snapshot from backup, and followed the tutorial mentioned above. Now yesterday's snapshot works. But does it have any impact on today's snapshot?
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"I am not young enough to know everything."
-- Oscar Wilde
list Lars Ebeling
----- Original Message -----
From: "Lars Ebeling" <user-1fecd3eafd52@xymon.invalid>
To: <user-ae9b8668bcde@xymon.invalid>
Sent: Monday, April 07, 2008 8:29 AM
Subject: Re: [hobbit] Todays snapshot 20080406
I restored yesterday's snapshot from backup, and followed the tutorial mentioned above. Now yesterday's snapshot works.
I was too fast ;) All built-in tests went purple except hobbitd.
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"I am not young enough to know everything."
-- Oscar Wilde
list Buchan Milne
On Monday 07 April 2008 07:31:57 Henrik Stoerner wrote:
On Sun, Apr 06, 2008 at 11:39:15AM +0200, Lars Ebeling wrote:
2008-04-06 11:17:41 hobbitlaunch starting
2008-04-06 11:17:41 Loading tasklist configuration from /home/hobbit/server/etc/hobbitlaunch.cfg
2008-04-06 11:17:41 Loading hostnames
2008-04-06 11:17:41 Loading saved state
2008-04-06 11:17:42 Setting up network listener on 0.0.0.0:1984
2008-04-06 11:17:42 Setting up local listener
2008-04-06 11:17:43 Cannot load SSL certificate
18193:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('/home/hobbit/server/etc/hobbitserver.cert','r')
Yep, working on adding support for SSL-encrypted connections to the Hobbit server. Server-side is done, client-side needs some re-writing of a module.
There's a decent tutorial on creating your own SSL certificates at http://www.akadia.com/services/ssh_test_certificate.html
Note that this says nothing about certificate validation. Will requiring certificate validation be possible with Hobbit (both client and server-side)?
Although you obviously cannot use it until I get the client-side code finished.
I'll note that on larger deployments, it may be better to generate an internal CA certificate. We use OpenCA (although OpenXPKI is worth a look) for certificates for OpenVPN, Cisco VPN routers and clients, our LDAP servers, our audited shell server and clients etc. It supports enrolment via SCEP (Cisco routers, Cisco VPN client, autosscep or sscep for generic Unix machines).
Regards,
Buchan
list Henrik Størner
On Mon, Apr 07, 2008 at 09:54:22AM +0200, Buchan Milne wrote:
On Monday 07 April 2008 07:31:57 Henrik Stoerner wrote:
49:fopen('/home/hobbit/server/etc/hobbitserver.cert','r')
Yep, working on adding support for SSL-encrypted connections to the Hobbit server. Server-side is done, client-side needs some re-writing of a module.
Note that this says nothing about certificate validation. Will requiring certificate validation be possible with Hobbit (both client and server-side)?
Not implemented yet - I want the basic stuff working first. But yes, you will be able to require clients to provide a valid client certificate, and clients to require a valid certificate from the Hobbit server.
There's a decent tutorial on creating your own SSL certificates at http://www.akadia.com/services/ssh_test_certificate.html
I'll note that on larger deployments, it may be better to generate an internal CA certificate. We use OpenCA (although OpenXPKI is worth a look) for certificates for OpenVPN, Cisco VPN routers and clients, our LDAP servers, our audited shell server and clients etc. It supports enrolment via SCEP (Cisco routers, Cisco VPN client, autosscep or sscep for generic Unix machines).
You can use whatever suits you best for generating the certificates. OpenCA is nice - I've only used it with OpenVPN, but it seems OK. Doing it with a couple of shell scripts is also possible once you get the hang of it.
Regards,
Henrik
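The internal-CA approach discussed in the messages above (one CA, separate server and client certificates, each checked against that CA) can be sketched with openssl(1). This is an added example, not part of the original thread and not Hobbit code; the directory layout, file names and CN values are assumptions, and Hobbit's own certificate settings are not shown because the thread does not describe them.

```shell
#!/bin/sh
# Added example: minimal internal CA with openssl(1). Directory layout, file
# names and CN values are assumptions for the demo, not Hobbit settings.

# make_ca DIR: create a CA key and a self-signed CA certificate in DIR.
make_ca() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal Monitoring CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$dir/ca.key" -out "$dir/ca.cert" 2>/dev/null \
        && chmod 600 "$dir/ca.key"
}

# issue_cert DIR ROLE CN: new key and CSR for CN, signed by the CA in DIR.
# ROLE is "server" or "client" and selects the extension section above.
issue_cert() {
    dir=$1 role=$2 cn=$3
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=$cn" -newkey rsa:2048 \
        -nodes -sha256 -keyout "$dir/$role.key" -out "$dir/$role.csr" \
        2>/dev/null || return 1
    openssl x509 -req -in "$dir/$role.csr" -sha256 -days 365 \
        -CA "$dir/ca.cert" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/ca.cnf" -extensions "$role" \
        -out "$dir/$role.cert" 2>/dev/null || return 1
    chmod 600 "$dir/$role.key"
}

# check_cert DIR PURPOSE FILE: succeed only if FILE chains to the CA in DIR
# and is valid for PURPOSE (sslserver or sslclient).
check_cert() {
    openssl verify -CAfile "$1/ca.cert" -purpose "$2" "$3" >/dev/null 2>&1
}
```

A client certificate presented where a server certificate is expected, or a certificate signed by a different CA with the same name, fails `check_cert`; that is the property certificate validation on both sides relies on.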
list Henrik Størner
On Mon, Apr 07, 2008 at 08:52:31AM +0200, Lars Ebeling wrote:
I restored yesterday's snapshot from backup, and followed the tutorial mentioned above. Now yesterday's snapshot works.
I was too fast ;) All built-in tests went purple except hobbitd.
Should work better with this patch on top of the snapshot.
Henrik
Attachments (1)
list Lars Ebeling
----- Original Message -----
From: "Henrik Stoerner" <user-ce4a2c883f75@xymon.invalid>
To: <user-ae9b8668bcde@xymon.invalid>
Sent: Monday, April 07, 2008 12:52 PM
Subject: Re: [hobbit] Todays snapshot 20080406
Should work better with this patch on top of the snapshot.
Yes, hope I wasn't too fast this time. Btw, today the golf course opened for the season. The weather is nice and I played 9 holes.
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"I am not young enough to know everything."
-- Oscar Wilde