On Monday 07 April 2008 07:31:57 Henrik Stoerner wrote:
On Sun, Apr 06, 2008 at 11:39:15AM +0200, Lars Ebeling wrote:
2008-04-06 11:17:41 hobbitlaunch starting
2008-04-06 11:17:41 Loading tasklist configuration from /home/hobbit/server/etc/hobbitlaunch.cfg
2008-04-06 11:17:41 Loading hostnames
2008-04-06 11:17:41 Loading saved state
2008-04-06 11:17:42 Setting up network listener on 0.0.0.0:1984
2008-04-06 11:17:42 Setting up local listener
2008-04-06 11:17:43 Cannot load SSL certificate
18193:error:02001002:system library:fopen:No such file or directory:bss_file.c:349:fopen('/home/hobbit/server/etc/hobbitserver.cert','r')
Yep, working on adding support for SSL-encrypted connections to the Hobbit server. Server-side is done, client-side needs some re-writing of a module.
There's a decent tutorial on creating your own SSL certificates at http://www.akadia.com/services/ssh_test_certificate.html
Note that this says nothing about certificate validation. Will requiring certificate validation be possible with Hobbit (both client and server-side)?
Although you obviously cannot use it until I get the client-side code finished.
I'll note that on larger deployments, it may be better to generate an internal CA certificate. We use OpenCA (although OpenXPKI is worth a look) for certificates for OpenVPN, Cisco VPN routers and clients, our LDAP servers, our audited shell server and clients etc. It supports enrolment via SCEP (Cisco routers, Cisco VPN client, autosscep or sscep for generic Unix machines).
Regards, Buchan
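The distinction behind the validation question and the internal-CA suggestion above, as an added example that is not part of the original thread or of Hobbit's code: a certificate issued by an internal CA validates for a peer that trusts only that CA, while a stand-alone self-signed certificate does not. The CA name, host names, key sizes and lifetimes are assumptions, and how Hobbit itself loads or validates certificates is not covered here.

```shell
#!/bin/sh
# Added example (constructed): CA name, host names, key sizes and lifetimes are
# assumptions, not values from the thread or from Hobbit.
set -eu

# Create the internal CA key and self-signed root certificate in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Internal CA" \
        -keyout "$1/ca.key" -out "$1/ca.cert" 2>/dev/null
}

# Issue a certificate for host $2, signed by the CA in directory $1.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -sha256 -days 365 \
        -CA "$1/ca.cert" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.cert" 2>/dev/null
}

# Create a stand-alone self-signed certificate for host $2 (no CA involved).
self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.cert" 2>/dev/null
}

# Succeed only if certificate file $2 chains to the CA in directory $1.
validates() {
    openssl verify -CAfile "$1/ca.cert" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d)
    make_ca "$dir"
    issue_cert "$dir" monitor.example.internal
    self_signed "$dir" standalone.example.internal
    for name in monitor standalone; do
        if validates "$dir" "$dir/$name.example.internal.cert"; then
            echo "$name: accepted by a peer that trusts only the internal CA"
        else
            echo "$name: rejected by a peer that trusts only the internal CA"
        fi
    done
    rm -rf "$dir"
}
demo
```

With per-host self-signed certificates, every validating peer would need each certificate installed individually; with the CA, distributing `ca.cert` once is enough.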