From: Eric Leblond
Subject: Re: [Nufw-users] How to get the right certificate when using nutcpc to connect to NuFW
Date: Wed, 28 Oct 2009 10:58:33 +0100
Hi,
On Wednesday 28 October 2009 at 16:20 +0700, Nguyen Anh Dung wrote:
> Hi All,
> I'm a newbie to NuFW and I'm trying to install NuFW from source code
> in Trustix Linux 3.0.5 (kernel 2.6.19.7-3). After several days of
> wrestling :P, I installed it successfully as guided in the handbook
> 2.2.
> I did everything as guided in the handbook from step 3.5.1 to step
> 3.6.3 (with the common name in the certificate being 'right' (my hostname)).
>
> However, when I used nutcpc to connect to NuFW, there were errors:
>
> nutcpc -N -d -C /etc/nufw/nufw-cert.pem -A /etc/nufw/NuFW-cacert.pem
> -K /etc/nufw/nufw-key.pem -H right
> Error in client
> Connecting to NuFW gateway (right)
> Unable to initate connection to NuFW gateway
> Problem: Certificate authority verification failed: invalid, signer not
> found
> Authentication failed (check parameters)
> Error in server
> ** Message: [7] TLS Handshaking (last error: 0)
> ** Message: [4] TLS handshake has failed (The peer did not send any
> certificate.)
> ** Message: [4] Failed connection from client 127.0.0.1
> GNUTLS ERROR: Error in the push function
> Unable to setup connect
This error is commonly found when client and server do not use the same
certificate authority. Please check that nuauth is using a certificate
provided by NuFW-cacert.pem. If this is not the case, nutcpc will not
send its certificate to the server because it has no certificate the
server can check.
BR,
>
> nutcpc -N -d -U root -H right (as in the guideline)
> Error in client
> ******* WARNING ******
> You are trying to connect to nuauth without configuring a
> certificate authority (CA)
> You are vulnerable to attack like man-in-the-middle.
> Do you really want to do that? Type "yes" to continue: yes
> Connecting to NuFW gateway (127.0.0.1)
> TLS error: server request certificate, none configured
> Unable to initate connection to NuFW gateway
> Problem: Certificate authority verification failed: invalid,
> signer not found
> Authentication failed (check parameters)
> Error in server
> WARNING: you have not provided any certificate authority.
> nutcpc will *NOT* verify server certificate trust.
> Use the -A <cafile> option to setup CA.
> As certificate will not be trusted, disabling FQDN check.
> ** Message: [7] TLS Handshaking (last error: 0)
> ** Message: [4] TLS handshake has failed (The peer did not send any
> certificate.)
> ** Message: [4] Failed connection from client 127.0.0.1
> GNUTLS ERROR: Error in the push function
> Unable to setup connect
>
> I used "netstat -np" and confirmed that nuauth has connected to NuFW.
>
> BTW, nutcpc has 3 options, -C, -A, and -K. I can understand -K but
> am confused about -A and -C. How can I distinguish them and create them?
-A : certificate authority : the public certificate of the PKI
-K : the private key
-C : the certificate (corresponding to the private key)
>
> P/S: Is there anyone who, only following the instructions in the handbook,
> can make NuFW work?
Looks like some have succeeded ;)
BR,
>
> Thank you so much.
> Dzung Nguyen.
signature.asc
Description: This is a digitally signed message part
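
The two relations described in the reply above (the server certificate must be signed by the CA passed with -A, and the -K key must belong to the -C certificate) can be checked with openssl before running nutcpc. The script below is an added example, not part of the original message or of NuFW; the CA names, subjects and temporary files are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: every certificate and key here is constructed in a temp dir.

# make_ca DIR NAME -> DIR/NAME-key.pem and self-signed DIR/NAME-cacert.pem
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2-key.pem" -out "$1/$2-cacert.pem" 2>/dev/null
}

# issue_cert DIR CA NAME -> DIR/NAME-key.pem and DIR/NAME-cert.pem signed by CA
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3-key.pem" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -days 1 -set_serial 1 \
    -CA "$1/$2-cacert.pem" -CAkey "$1/$2-key.pem" \
    -out "$1/$3-cert.pem" 2>/dev/null
}

# chains_to CAFILE CERT: true only if CERT was signed by the CA in CAFILE
# (the relation between nutcpc's -A file and the certificate nuauth presents).
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches CERT KEY: true only if KEY is the private key of CERT
# (the relation between nutcpc's -C and -K files).
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_ca "$d" ca-one; make_ca "$d" ca-two
  issue_cert "$d" ca-one server   # stands in for nuauth's certificate
  issue_cert "$d" ca-one client   # stands in for the nutcpc -C / -K pair
  chains_to "$d/ca-one-cacert.pem" "$d/server-cert.pem" && echo "same CA: server cert verifies"
  chains_to "$d/ca-two-cacert.pem" "$d/server-cert.pem" || echo "other CA: signer not found"
  key_matches "$d/client-cert.pem" "$d/client-key.pem" && echo "-C and -K belong together"
  key_matches "$d/client-cert.pem" "$d/server-key.pem" || echo "-K from another cert: mismatch"
  rm -rf "$d"
}
demo
```

On a real installation, call chains_to with the file given to -A and the certificate nuauth is configured to present, and key_matches with the files given to -C and -K.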