Mailinglist Archive: opensuse-autoinstall (49 mails)
| < Previous | Next > |
[opensuse-autoinstall] Installation via HTTPS client certificate
- From: "Jochen Schaefer" <jschaef@xxxxxxxxxx>
- Date: Tue, 26 Jul 2011 09:37:36 +0100
- Message-id: <4E2E8AE8020000970007446E@nat28.tlf.novell.com>
Hi list,
I'm trying an auto installation (SLES11-SP1) via HTTPS and authentication with
client certificates.
To achieve this I copied CA certificate and client certificate into initrd,
executed c_rehash and edited
/root/.curlrc within initrd to know about the certificates:
--capath = /etc/ssl/certs/
--cert = /etc/ssl/client/xyz
profile is specified like https://10.1.1.1/xml/
Unfortunately yast is still not able to fetch the profile.
When I do an ssh based installation ending up in the dialog where yast failes
I'm able to get
the profile from a second ssh console via curl without specifying any cert
parameters:
curl https://10.1.1.1/xml/default shows the content of default file.
A check from outside the installation environment without specifying a
certificate fails with SSL Handshake error and proves that the virtual host
configuration seems ok.
The opposite check where I provided certificate parameters to curl from outside
worked as well.
/var/log/YaST/y2log within installation environment shows:
CurlConfig.cc(parseConfig):44 Going to parse /root/.curlrc
2011-07-26 06:17:00 <1> 10.0.4.96(3544) [zypp++] CurlConfig.cc(parseConfig):106
GOT: capath
2011-07-26 06:17:00 <1> 10.0.4.96(3544) [zypp++]
CurlConfig.cc(setParameter):178 Ignoring option capath
2011-07-26 06:17:00 <1> 10.0.4.96(3544) [zypp++] CurlConfig.cc(parseConfig):106
GOT: cert
2011-07-26 06:17:00 <1> 10.0.4.96(3544) [zypp++]
CurlConfig.cc(setParameter):178 Ignoring option cert
which leads to the assumption that yast is not considering options from
/root/.curlrc?
Does anybody know how to configure yast/curl to accept parameters from .curlrc?
Another attempt could be to use aria2c within initrd since following line is
displayed in y2log:
aria2c not found. Falling back to curl
But will yast consider any certificate parameters for aria2c or will I end with
the same problem finally?
Thanks,
Jochen
--
To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-autoinstall+help@xxxxxxxxxxxx
I'm trying an auto installation (SLES11-SP1) via HTTPS and authentication with
client certificates.
To achieve this I copied CA certificate and client certificate into initrd,
executed c_rehash and edited
/root/.curlrc within initrd to know about the certificates:
--capath = /etc/ssl/certs/
--cert = /etc/ssl/client/xyz
profile is specified like https://10.1.1.1/xml/
Unfortunately yast is still not able to fetch the profile.
When I do an ssh based installation ending up in the dialog where yast failes
I'm able to get
the profile from a second ssh console via curl without specifying any cert
parameters:
curl https://10.1.1.1/xml/default shows the content of default file.
A check from outside the installation environment without specifying a
certificate fails with SSL Handshake error and proves that the virtual host
configuration seems ok.
The opposite check where I provided certificate parameters to curl from outside
worked as well.
/var/log/YaST/y2log within installation environment shows:
CurlConfig.cc(parseConfig):44 Going to parse /root/.curlrc
2011-07-26 06:17:00 <1> 10.0.4.96(3544) [zypp++] CurlConfig.cc(parseConfig):106
GOT: capath
2011-07-26 06:17:00 <1> 10.0.4.96(3544) [zypp++]
CurlConfig.cc(setParameter):178 Ignoring option capath
2011-07-26 06:17:00 <1> 10.0.4.96(3544) [zypp++] CurlConfig.cc(parseConfig):106
GOT: cert
2011-07-26 06:17:00 <1> 10.0.4.96(3544) [zypp++]
CurlConfig.cc(setParameter):178 Ignoring option cert
which leads to the assumption that yast is not considering options from
/root/.curlrc?
Does anybody know how to configure yast/curl to accept parameters from .curlrc?
Another attempt could be to use aria2c within initrd since following line is
displayed in y2log:
aria2c not found. Falling back to curl
But will yast consider any certificate parameters for aria2c or will I end with
the same problem finally?
Thanks,
Jochen
--
To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-autoinstall+help@xxxxxxxxxxxx
| < Previous | Next > |