
From: Nguyen Anh Dung
Subject: [Nufw-users] How to get the right certificate when using nutcpc to connect to NuFW
Date: Wed, 28 Oct 2009 16:20:11 +0700

Hi All,
I'm a newbie to NuFW and I'm trying to install NuFW from source code
on Trustix Linux 3.0.5 (kernel 2.6.19.7-3). After several days of
wrestling :P, I installed it successfully as guided in the handbook
2.2.
I did everything as guided in the handbook from step 3.5.1 to step
3.6.3 (with the common name in the certificate being 'right', my hostname).

However, when I used nutcpc to connect to NuFW, there were errors:

nutcpc -N -d -C /etc/nufw/nufw-cert.pem -A /etc/nufw/NuFW-cacert.pem -K /etc/nufw/nufw-key.pem -H right
Error in client
   Connecting to NuFW gateway (right)
   Unable to initate connection to NuFW gateway
   Problem: Certificate authority verification failed: invalid, signer not found
   Authentication failed (check parameters)
Error in server
   ** Message: [7] TLS Handshaking (last error: 0)
   ** Message: [4] TLS handshake has failed (The peer did not send any certificate.)
   ** Message: [4] Failed connection from client 127.0.0.1
   GNUTLS ERROR: Error in the push function
   Unable to setup connect

nutcpc -N -d -U root -H right (as in the guideline)
Error in client
    *******    WARNING   ******
    You are trying to connect to nuauth without configuring a certificate authority (CA)
    You are vulnerable to attack like man-in-the-middle.
    Do you really want to do that? Type "yes" to continue: yes
    Connecting to NuFW gateway (127.0.0.1)
    TLS error: server request certificate, none configured
    Unable to initate connection to NuFW gateway
    Problem: Certificate authority verification failed: invalid, signer not found
    Authentication failed (check parameters)
Error in server
   WARNING: you have not provided any certificate authority.
   nutcpc will *NOT* verify server certificate trust.
   Use the -A <cafile> option to setup CA.
   As certificate will not be trusted, disabling FQDN check.
   ** Message: [7] TLS Handshaking (last error: 0)
   ** Message: [4] TLS handshake has failed (The peer did not send any certificate.)
   ** Message: [4] Failed connection from client 127.0.0.1
   GNUTLS ERROR: Error in the push function
   Unable to setup connect

I used "netstat -np" and confirmed that nuauth has connected to NuFW.

BTW, nutcpc has 3 options: -C, -A, and -K. I can understand -K but
am confused about -A and -C. How can I distinguish them and create them?

P/S: Is there anyone who, only following the instructions in the handbook,
can make NuFW work?

Thank you so much.
Dzung Nguyen.
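
Added example, not part of the original post or of the NuFW handbook: the client output above reports "signer not found", which is the status a TLS library returns when a certificate's issuer is not in the CA file it was told to trust. The sketch below builds constructed throwaway CAs with openssl and checks a CA file, a certificate and a key against each other. It assumes, reading the command in the post, that -A is the CA certificate, -C the certificate and -K that certificate's private key; all function and file names are hypothetical.

```shell
#!/bin/sh
# Added example. All files are constructed throwaway test material.
# Assumed mapping, read from the command in the post:
#   -A = CA certificate, -C = certificate, -K = private key of that certificate.

# make_ca DIR NAME: self-signed CA -> DIR/NAME-cacert.pem and DIR/NAME-cakey.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2 test CA" \
        -keyout "$1/$2-cakey.pem" -out "$1/$2-cacert.pem" 2>/dev/null
}

# issue_cert DIR CANAME CN: key and certificate for CN, signed by CA CANAME
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3-key.pem" -out "$1/$3-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/$3-req.pem" -days 30 -set_serial 1 \
        -CA "$1/$2-cacert.pem" -CAkey "$1/$2-cakey.pem" \
        -out "$1/$3-cert.pem" 2>/dev/null
}

# signed_by CAFILE CERT: succeeds only if CERT was issued by the CA in CAFILE
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT KEY: succeeds only if KEY is the private key for CERT
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# demo: one certificate for CN "right", checked against two different CAs
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" site && make_ca "$d" other && issue_cert "$d" site right || return 1
    signed_by "$d/site-cacert.pem" "$d/right-cert.pem" && echo "issuing CA: verifies"
    signed_by "$d/other-cacert.pem" "$d/right-cert.pem" || echo "other CA: signer not in CA file"
    key_matches "$d/right-cert.pem" "$d/right-key.pem" && echo "key matches cert"
    rm -rf "$d"
}
demo
```

Running signed_by and key_matches on the real files passed to -A, -C and -K shows whether the certificate chains to that CA file and whether the key belongs to the certificate.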



