* Re: [9fans] https
@ 2003-07-11 20:24 David Presotto
0 siblings, 0 replies; 7+ messages in thread
From: David Presotto @ 2003-07-11 20:24 UTC (permalink / raw)
To: sah, 9fans
Add an 'owner=*' field to the key that you dump into factotum. See if your
old key has that.
* [9fans] https
@ 2003-07-11 16:57 Sam
0 siblings, 0 replies; 7+ messages in thread
From: Sam @ 2003-07-11 16:57 UTC (permalink / raw)
To: 9fans
I recently have had cause to regenerate our certificate
to indicate our more recent domain name. I've followed
the instructions in rsa(8) for key/cert generation.
Restarting httpd with the new cert causes https auths to fail
with ``no key matches.'' Given my penchant for boobism, I've
very carefully made certain the right key was in factotum and
even pulled the httpd binary from sources, just in case.
If I switch back to the old key/cert pair, authentication
works as expected.
Can anyone else see this or am I having local issues?
Thanks,
Sam
* Re: [9fans] https
2003-05-19 16:50 ` Dan Cross
@ 2003-05-19 18:19 ` Russ Cox
0 siblings, 0 replies; 7+ messages in thread
From: Russ Cox @ 2003-05-19 18:19 UTC (permalink / raw)
To: 9fans
Notice that if you haven't pulled in a while, you might have
an old ip/httpd/httpd binary, which will still be looking for
proto=sshrsa keys.
Also you need to recompile your kernel in order to link in
a new factotum that knows about proto=rsa.
Russ
* Re: [9fans] https
2003-05-19 14:42 ` Sam
@ 2003-05-19 16:50 ` Dan Cross
2003-05-19 18:19 ` Russ Cox
0 siblings, 1 reply; 7+ messages in thread
From: Dan Cross @ 2003-05-19 16:50 UTC (permalink / raw)
To: 9fans
Sam <sah@softcardsystems.com> writes:
>
> > Shouldn't that be, ``proto=rsa'' ?
>
> Yeah, it probably *should* be, but it's not.
> Therein lies my confusion.
Okay, I'll be definitive. It should be, ``proto=rsa service=tls'';
that's what I'm using on my web server. The documentation is probably
out of date. There was a note to 9fans from Russ about it, but it was
a while back. Make that change, and you'll be good to go. Make sure
you have, ``owner=none'' in there, too, but I think you mentioned
that earlier and are already good to go with it.
- Dan C.
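Added example, not part of any message in this thread: a simplified model of the attribute lookup behind ``no key matches'', showing why the proto=sshrsa query from the httpd log cannot select a proto=rsa service=tls key and how a presence check on owner behaves. The matching rules, the skipped role attribute, the NEW_HTTPD query and the placeholder secret are assumptions of this sketch, not factotum's own code.

```python
# Added example: a simplified model of factotum-style key lookup.
# Assumption: a key matches when it carries every attr=value pair of the query,
# "attr?" only requires the attribute to be present, and role is not compared.
IGNORED = {"role"}

# Constructed key in the shape recommended in the thread; the secret is a placeholder.
KEYS = ["key proto=rsa service=tls owner=none !dk=PLACEHOLDER"]

OLD_HTTPD = "proto=sshrsa role=client"           # query shown in the httpd log
NEW_HTTPD = "proto=rsa service=tls role=client"  # assumed query of a current httpd


def parse_attrs(line):
    """Split 'key a=b c? !d=e' into {name: value}; 'c?' maps to None."""
    attrs = {}
    for tok in line.split():
        if tok == "key":
            continue
        name, sep, value = tok.partition("=")
        if not sep:
            name, value = name.rstrip("?"), None
        attrs[name] = value
    return attrs


def mismatches(query, key):
    """List (attr, wanted, found) for every query attribute the key fails."""
    q, k = parse_attrs(query), parse_attrs(key)
    bad = []
    for name, wanted in q.items():
        if name in IGNORED:
            continue
        found = k.get(name)
        if name not in k or (wanted is not None and wanted != found):
            bad.append((name, wanted, found))
    return bad


def find_key(query, keys):
    """Index of the first key satisfying the query, or None ('no key matches')."""
    for i, key in enumerate(keys):
        if not mismatches(query, key):
            return i
    return None


if __name__ == "__main__":
    for q in (OLD_HTTPD, NEW_HTTPD, "proto=rsa service=tls owner?"):
        print(q, "->", find_key(q, KEYS), mismatches(q, KEYS[0]))
```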
* Re: [9fans] https
2003-05-19 14:24 Sam
@ 2003-05-19 15:35 ` Dan Cross
2003-05-19 14:42 ` Sam
0 siblings, 1 reply; 7+ messages in thread
From: Dan Cross @ 2003-05-19 15:35 UTC (permalink / raw)
To: 9fans
Shouldn't that be, ``proto=rsa'' ?
- Dan C.
* Re: [9fans] https
2003-05-19 15:35 ` Dan Cross
@ 2003-05-19 14:42 ` Sam
2003-05-19 16:50 ` Dan Cross
0 siblings, 1 reply; 7+ messages in thread
From: Sam @ 2003-05-19 14:42 UTC (permalink / raw)
To: 9fans
> Shouldn't that be, ``proto=rsa'' ?
Yeah, it probably *should* be, but it's not.
Therein lies my confusion.
Sam
* [9fans] https
@ 2003-05-19 14:24 Sam
2003-05-19 15:35 ` Dan Cross
0 siblings, 1 reply; 7+ messages in thread
From: Sam @ 2003-05-19 14:24 UTC (permalink / raw)
To: 9fans
Having followed the directions in rsa(8),
I'm still not able to make secure connections.
The following is in the logfile for httpd:

    can't open /net/tcp/25/data: tls: local
    factotum_rsa_open: no key matches
    proto=sshrsa role=client

    % lookman sshrsa
    man 4 factotum # factotum(4)
    % man 4 factotum | grep sshrsa
    %

tips?
Sam