Hi,
----- Original Message -----
> From: "Adam Bishop" <[log in to unmask]>
> To: [log in to unmask]
> Sent: Thursday, 30 January, 2014 1:32:41 PM
> Subject: Re: Client certificate configuration
>
> On 20 Jan 2014, at 11:43, Kalle Happonen <[log in to unmask]> wrote:
> > So, first of all, the Linux version of moonshot-ui seems to have moved to
> > use gnome-keyring. Does it still use identities.txt to configure the
> > client, i.e. do you configure the server certs there?
>
> Yes and no. There's a config file in /etc/moonshot/flatstore-users that
> controls the use of this file. For headless users, you should make sure
> they're using the flatstore at this time, as there are some rough edges
> around gnome-keyring.
>
> > Second, what should be put in these configuration variables
> > CA-Cert=
> > Subject=
> > SubjectAlt=
> > ServerCert=
>
>
> At the moment, we specify the hash of the certificate (sha256 if I recall
> correctly). Subject is the subject string in the certificate (i.e. if you
> want to trust a whole CA, but still only want to trust a specific cert). You
> don't need to populate all of them.
So basically just
openssl x509 -in server.pem |sha256sum ?
>
> There's a tool you can use to partially automate this - moonshot-webp. It
> consumes an XML file and configures identities as required. I've added a
> sample to this message.
That seems to be what I need. Is there a more comprehensive reference for the tool or the XML file?
Cheers,
Kalle
>
> Regards,
>
> Adam Bishop
> Systems Development Specialist
>
> gpg: 0x6609D460
> t: +44 (0)1235 822 245
> xmpp: [log in to unmask]
>
> Janet, the UK's research and education network.
>
> -----------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <identities>
>   <identity>
>     <display-name>Trust Router Credential generated at 1384125156</display-name>
>     <user>a90e8d03-7de7-40d1-b00c-2256f03b8ae8</user>
>     <password>notapassword</password>
>     <realm>apc.moonshot.ja.net</realm>
>     <selection-rules>
>       <rule>
>         <pattern>trustidentity</pattern>
>         <always-confirm>false</always-confirm>
>       </rule>
>     </selection-rules>
>     <trust-anchor>
>       <server-cert>59b0c4e5d65f198095ece38bdac6394c7bf235bcee47b1c8276a0d3c2c80607e</server-cert>
>     </trust-anchor>
>   </identity>
> </identities>
> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
> not-for-profit company which is registered in England under No. 2881024
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
>
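An added example, not part of the original thread: it contrasts a SHA-256 over the PEM text (what piping PEM output into `sha256sum` computes) with a SHA-256 over the certificate's DER bytes, and checks a `<server-cert>` pin against the latter. It assumes the pin is the DER fingerprint in lowercase hex, which the thread does not confirm; the helper names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate block in pem_text."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def der_fingerprint(pem_text):
    """SHA-256 over the DER encoding, lowercase hex without colons."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()

def pem_text_hash(pem_text):
    """SHA-256 over the PEM text itself, as sha256sum sees it on a pipe."""
    return hashlib.sha256(pem_text.encode("ascii")).hexdigest()

def pins_match(identities_xml, pem_text):
    """True if the XML has pins and each <server-cert> equals the DER fingerprint."""
    root = ET.fromstring(identities_xml)
    pins = [e.text.strip().lower().replace(":", "")
            for e in root.iter("server-cert") if e.text]
    return bool(pins) and all(p == der_fingerprint(pem_text) for p in pins)

def to_pem(der, width):
    """Wrap DER bytes as PEM with the given line width (sample-input helper)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed stand-in bytes, not a real certificate: only the encoding matters.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate " * 4
PEM_64 = to_pem(SAMPLE_DER, 64)   # the usual 64-column wrapping
PEM_76 = to_pem(SAMPLE_DER, 76)   # same bytes, different wrapping
SAMPLE_XML = ("<identities><identity><trust-anchor><server-cert>"
              + der_fingerprint(PEM_64)
              + "</server-cert></trust-anchor></identity></identities>")

if __name__ == "__main__":
    print("DER fingerprint:", der_fingerprint(PEM_64))
    print("PEM text hash  :", pem_text_hash(PEM_64))
    print("pin matches    :", pins_match(SAMPLE_XML, PEM_76))
```

The DER fingerprint stays the same when the PEM file is re-wrapped or gains a trailing newline, while the hash of the PEM text changes, so a pin derived from the text form stops matching after a harmless re-encoding.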