author | Sol Jerome <solj@ices.utexas.edu> | 2010-01-11 19:20:16 +0000 |
---|---|---|
committer | Sol Jerome <solj@ices.utexas.edu> | 2010-01-11 19:20:16 +0000 |
commit | 9afe5e46407af2613ae55b89ae9abafd7d7de6e1 (patch) | |
tree | 11970c3f288ed84a5b6bdd03ee8a0851e377d557 /doc | |
parent | e0df4d0993fe524b0d3b7a9b5f203aaa3ab1d7b3 (diff) | |
doc: Add note about certificate creation when using SSL
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5670 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'doc')
-rw-r--r-- | doc/authentication.txt | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/doc/authentication.txt b/doc/authentication.txt index 2a72917a3..56cb7ce3e 100644 --- a/doc/authentication.txt +++ b/doc/authentication.txt @@ -77,8 +77,8 @@ per-client passwords set will not be able to connect. SSL Cert-based client authentication ==================================== -As of 1.0pre3, SSL-based client authentication is supported. This -requires several things: +SSL-based client authentication is supported. This requires several +things: #. Certificate Authority (to sign all keys) @@ -98,6 +98,21 @@ using the following set of steps: http://www.flatmtn.com/article/setting-ssl-certificates-apache + .. note:: + The client CN must be the FQDN of the client (as returned by a + reverse DNS lookup of the ip address. Otherwise, you will end up + with an error message on the client that looks like:: + + Server failure: Protocol Error: 401 Unauthorized + Failed to download probes from bcfg2 + Server Failure + + on the client. You will also see an error message on the server + that looks something like:: + + cmssrv01 bcfg2-server[9785]: Got request for cmssrv115 from incorrect address 131.225.206.122 + cmssrv01 bcfg2-server[9785]: Resolved to cmssrv115.fnal.gov + #. Distribute the keys and certs to the appropriate locations #. Copy the ca cert to clients, so that the server can be authenticated |
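Review bot: In the first hunk (@@ -77,8 +77,8 @@), dropping "As of 1.0pre3" removes the only statement of which release introduced SSL-based client authentication, while the commit message mentions only the added note. Either keep the version qualifier or say in the commit message that it is being removed on purpose, so a reader on an older release can still tell whether this section applies.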
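Review bot: In the added note (@@ -98,6 +98,21 @@), the parenthesis opened at "(as returned by a reverse DNS lookup of the ip address." is never closed, and "on the client" is stated twice around the first sample: once in "an error message on the client that looks like::" and again in the trailing "on the client." Close the parenthesis after "address", drop the trailing "on the client.", and write "IP" in capitals. The server log sample also carries what look like a real host name and address (cmssrv115.fnal.gov, 131.225.206.122); consider substituting documentation values such as client.example.com and 192.0.2.10. Since the check described here ties the certificate CN to reverse DNS, it would also help to state which side performs the lookup, because the sample only implies it is the server ("Resolved to cmssrv115.fnal.gov").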