1. 14 Jan, 2013 1 commit
  2. 03 Feb, 2005 1 commit
  3. 04 Oct, 2004 1 commit
    • Leigh Stoller's avatar
      Add several configure variables to the defs file so that the ssl certificates · ad3a6c5b
      Leigh Stoller authored
      (config files) can be localized:
      
      	C                      = @SSLCERT_COUNTRY@
      	ST                     = @SSLCERT_STATE@
      	L                      = @SSLCERT_LOCALITY@
      	O                      = @SSLCERT_ORGNAME@
      
      Which are initialized locally to:
      
      	SSLCERT_COUNTRY="US"
      	SSLCERT_STATE="Utah"
      	SSLCERT_LOCALITY="Salt Lake City"
      	SSLCERT_ORGNAME="Utah Network Testbed"
      
      Also added an "apache" target which will generate an initial cert/key
      for the apache server. This is a self signed certificate of course, which
      is fine for getting a new site off the ground. Note that the cert/key are
      installed during by install/boss-install.
      ad3a6c5b
  4. 14 May, 2002 1 commit
    • Leigh Stoller's avatar
      Fixes to make sure the certificates are really good for three years. · 6305e238
      Leigh Stoller authored
      So, the length of time is set in the .cnf file when signing a cert
      with the CA. However, the length of time the CA is good for is not set
      in the .cnf file (the entry is ignored). Rather, it has to be on the
      command line. So, the certs really were good for 3 years; it was the
      CA that had expired, and once that happens the certs are no longer any
      good. Very bogus.
      6305e238
  5. 10 Apr, 2002 1 commit
    • Leigh Stoller's avatar
      Convert to prompt=no, with per cert config files. This avoids all · 658ee16b
      Leigh Stoller authored
      interaction with the user. The main point to note is that for the
      clients, there is a localnode.cnf and a ronnode.cnf. The difference is
      that I encode the type (pcron) in one of the extra fields so that tmcd
      can do a check on it. This is in lieu of per client certs, which would
      be a big pain in the butt right now. As we add other remote groups, we
      will create new config files. I bet this will change over time, as
      we learn more.
      
      Chad, it would be nice the tiptunnel cert could be generated from this
      setup.
      658ee16b