Mailinglist Archive: opensuse-buildservice (272 mails)

< Previous Next >
[opensuse-buildservice] OBS 1.3 Privately signed certificate and osc
  • From: "Dominig ar Foll (Intel OTC)" <dominig.arfoll@xxxxxxxxx>
  • Date: Wed, 04 Apr 2012 16:19:15 +0200
  • Message-id: <4F7C5863.6050004@fridu.net>
Hello,

having just updated to OBS 1.3, my API is now running under https (not a
bad idea).
I have created a PRIVATE certificate following the README.
---------------

mkdir /srv/obs/certs
openssl genrsa -out /srv/obs/certs/server.key 1024
openssl req -new -key /srv/obs/certs/server.key \
-out /srv/obs/certs/server.csr
openssl x509 -req -days 365 -in /srv/obs/certs/server.csr \
-signkey /srv/obs/certs/server.key -out /srv/obs/certs/server.crt
cat /srv/obs/certs/server.key /srv/obs/certs/server.crt \
> /srv/obs/certs/server.pem

----------------------
I see that with osc (version 0.134.1)

if the privately signed certificate is create with a Common Name (CN)
which is not the server name, osc refuses to chat with the API. That is
bit strick as :

- CN name is normally free of use
- In that mode access via IP address is not possible any more
- auto recovery system with shadow server configuration cannot be done.

That is very strange as it seems that when the certificate with an
official root, the common name is not critical.

Any clue how to overcome that issue ?

Regards

-- Dominig



--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >