[Pulp-list] Repository protection

[Rene L]

Solved... i´ve to set the SSLCACertificateFile to the generated ca cert...
the documentation for this use case looks bad. O;-)

Regards

2017-03-15 11:15 GMT+01:00 Rene L <tuz1986 at gmail.com>:

> Hi,
>
> i´ve tried many setups for the configuration, but nothing works for me.
> I´ve tried the playpen/certs/ example, too. My setup:
>
> - basic pulp installation
> - set the cert/key/ca (ssl.conf) to a trusted ca (comodo)
> - generate a own ca for repo auth
> - create a client key/cert with the following extension and sign them
>
> > [pulp-repos]
> > basicConstraints=CA:FALSE
> > 1.3.6.1.4.1.2312.9.2.0000.1=ASN1:UTF8:yum
> > 1.3.6.1.4.1.2312.9.2.0000.1.1=ASN1:UTF8:Pulp
> > 1.3.6.1.4.1.2312.9.2.0000.1.2=ASN1:UTF8:pulp-repo-test
> > 1.3.6.1.4.1.2312.9.2.0000.1.6=ASN1:UTF8:pulp/repos/test/
>
> - enable the auth (repo_auth.conf)
> - create a test repository and set the --auth-ca parameter to the
> generated ca
> - try to get something from the test repo
>
> > curl --cacert ./certs/Pulp_CA.cert --cert ./certs/Pulp_client.cert --key
> ./certs/Pulp_client.key https://%s/pulp/repos/test/
> > curl: (60) Peer's certificate issuer has been marked as not trusted by
> the user.
>
> > curl --cacert ./certs/Pulp_CA.cert --cert ./certs/Pulp_client.cert --key
> ./certs/Pulp_client.key https://%s/pulp/repos/test/ -k
> > curl: (56) Peer does not recognize and trust the CA that issued your
> certificate.
>
> Does anyone can say me, where's my fallacy?
>
> Regards
>
> 2017-03-13 17:44 GMT+01:00 Rene L <tuz1986 at gmail.com>:
>
>> Hi Guys,
>>
>> I want to protect some repositories, but  just found this blog entry from
>> 2011:
>>
>> http://pulpproject.org/2011/05/18/pulp-protected-repositories/
>>
>> The documentation dont works for me. Did you have any other guides for
>> this usecase?
>>
>> Kind regards
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20170315/6129321c/attachment.htm>