Hi,


----- Original Message -----
> From: "Adam Bishop" <[log in to unmask]>
> To: [log in to unmask]
> Sent: Thursday, 30 January, 2014 1:32:41 PM
> Subject: Re: Client certificate configuration
> 
> On 20 Jan 2014, at 11:43, Kalle Happonen <[log in to unmask]> wrote:
> > So, first of all, the Linux version of moonshot-ui seems to have moved to
> > use gnome-keyring. Does it still use identities.txt to configure the
> > client, i.e. do you configure the server certs there?
> 
> Yes and no. There's a config file in /etc/moonshot/flatstore-users that
> controls the use of this file. For headless users, you should make sure
> they're using the flatstore at this time, as there are some rough edges
> around gnome-keyring.
> 
> > Second, what should be put in these configuration variables
> > CA-Cert=
> > Subject=
> > SubjectAlt=
> > ServerCert=
> 
> 
> At the moment, we specify the hash of the certificate (sha256 if I recall
> correctly). Subject is the subject string in the certificate (i.e. if you
> want to trust a whole CA, but still only want to trust a specific cert). You
> don't need to populate all of them.

So basically just 
openssl x509 -in server.pem |sha256sum ?

> 
> There's a tool you can use to partially automate this - moonshot-webp. It
> consumes an XML file and configures identities as required. I've added a
> sample to this message.

That seems to be what I need. Is there a more comprehensive reference for the tool or the XML file?

Cheers,
Kalle

> 
> Regards,
> 
> Adam Bishop
> Systems Development Specialist
> 
>  gpg: 0x6609D460
>    t: +44 (0)1235 822 245
> xmpp: [log in to unmask]
> 
> Janet, the UK's research and education network.
> 
> -----------------------------------------------
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <identities>
>   <identity>
>     <display-name>Trust Router Credential generated at
>     1384125156</display-name>
>     <user>a90e8d03-7de7-40d1-b00c-2256f03b8ae8</user>
>     <password>notapassword</password>
>     <realm>apc.moonshot.ja.net</realm>
>     <selection-rules>
>       <rule>
>         <pattern>trustidentity</pattern>
>         <always-confirm>false</always-confirm>
>       </rule>
>     </selection-rules>
>     <trust-anchor>
>       <server-cert>59b0c4e5d65f198095ece38bdac6394c7bf235bcee47b1c8276a0d3c2c80607e</server-cert>
>     </trust-anchor>
>   </identity>
> </identities>
>
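
An added example, not part of the original messages and not Moonshot's own code: it checks each <server-cert> pin in an identities XML file of the shape quoted above against a server certificate. It assumes the pin is the SHA-256 of the certificate's DER encoding (the value `openssl x509 -noout -fingerprint -sha256` reports), which differs from hashing the PEM text. The function names, realm names and sample bytes are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_fingerprint(pem_text):
    """SHA-256 (hex) over the DER bytes of the first PEM certificate block."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def check_identities(xml_text, pem_text):
    """Return [(realm, status)] for every identity's <server-cert> pin."""
    expected = der_fingerprint(pem_text)  # assumption: pin = SHA-256 of DER
    results = []
    for ident in ET.fromstring(xml_text).iter("identity"):
        realm = (ident.findtext("realm") or "").strip()
        pin = (ident.findtext("trust-anchor/server-cert") or "")
        pin = pin.strip().lower().replace(":", "")
        if not re.fullmatch(r"[0-9a-f]{64}", pin):
            status = "malformed"      # not a 64-digit hex SHA-256 value
        elif pin == expected:
            status = "match"
        else:
            status = "mismatch"
        results.append((realm, status))
    return results

# Constructed sample data: these bytes are NOT a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate" * 4
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
# Hash of the PEM text itself, i.e. what piping the PEM into sha256sum gives.
PEM_TEXT_HASH = hashlib.sha256(SAMPLE_PEM.encode()).hexdigest()
SAMPLE_XML = """<identities>
  <identity><realm>der.example</realm>
    <trust-anchor><server-cert>{}</server-cert></trust-anchor></identity>
  <identity><realm>pemtext.example</realm>
    <trust-anchor><server-cert>{}</server-cert></trust-anchor></identity>
  <identity><realm>short.example</realm>
    <trust-anchor><server-cert>59b0c4e5</server-cert></trust-anchor></identity>
</identities>""".format(hashlib.sha256(SAMPLE_DER).hexdigest(), PEM_TEXT_HASH)

if __name__ == "__main__":
    for realm, status in check_identities(SAMPLE_XML, SAMPLE_PEM):
        print(realm, status)
```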