SSL
From: Christian Hopp
Subject: SSL
Date: Fri, 11 Oct 2002 18:24:37 +0200 (CEST)

Hi!
There is a new feature for monit-ssl,
you CAN specify a "client ssl pem file". That means... monit would
only allow connection if the client supplies a cert fitting a cert in
the "client ssl file" => You need a password AND a sufficient
cert/private key combination on the client for a successful connection!
I hope it makes sense??? I am getting confused already with all those
keys and certs. (-:
But it works... that means... monit status (et al.) connects with
proper client cert and is accepted by monit. As long as:
- the client cert has the right "purpose"... of course "client"
- if the cert is CA certified you have to supply the cert of the CA
within the "client ssl pem file"
- for CLI support monit uses its own server privkey+cert
So what I don't know is... should we treat self-certified certificates
as errors or should we allow them. For openssl it's an error which
could be overridden! Right now monit would throw a warning to the log
but allows the connection.
What do you think... should I commit?
Christian
--
Christian Hopp email: address@hidden
Institut für Elektrische Informationstechnik fon: +49-5323-72-2113
Technische Universität Clausthal fax: +49-5323-72-3197
pgpkey: https://www.iei.tu-clausthal.de/pgp-keys/chopp.key.asc (2001-11-22)
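
The conditions listed in the message above (client purpose, CA certificate present in the trusted file, self-signed certificates failing verification) can be reproduced with the openssl command line. This is an added example, not monit code and not part of the original post; the throwaway CA, the file names and the use of `openssl verify -CAfile` as a stand-in for monit's check against the "client ssl pem file" are assumptions.

```shell
#!/bin/sh
# Added example with a constructed throwaway PKI; not monit code or monit files.
# The file passed as $1 to accepts_client stands in for the "client ssl pem file".

make_pki() (  # $1 = empty directory; runs in a subshell so cwd is unchanged
    cd "$1" || exit 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
[server_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
    selfsign() {  # $1 = extension section, $2 = base name
        openssl req -x509 -config pki.cnf -extensions "$1" -newkey rsa:2048 \
            -nodes -keyout "$2.key" -out "$2.pem" -subj "/CN=$2" -days 1 2>/dev/null
    }
    casign() {    # same arguments; the certificate is issued by ca.pem
        openssl req -config pki.cnf -newkey rsa:2048 -nodes -keyout "$2.key" \
            -out "$2.csr" -subj "/CN=$2" 2>/dev/null &&
        openssl x509 -req -in "$2.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
            -extfile pki.cnf -extensions "$1" -days 1 -out "$2.pem" 2>/dev/null
    }
    selfsign ca_ext ca && casign client_ext client &&
        casign server_ext server && selfsign client_ext selfsigned
)

# True only if the cert chains to a cert in $1 AND has the TLS client purpose.
accepts_client() {  # $1 = file of trusted certs, $2 = cert the client presents
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) && make_pki "$dir" || return 1
    for c in client server selfsigned; do
        if accepts_client "$dir/ca.pem" "$dir/$c.pem"
        then echo "$c: accepted"; else echo "$c: rejected"; fi
    done
    rm -rf "$dir"
}
demo
```

Strict verification rejects the self-signed certificate here; accepting it with only a log warning, as the message describes, means the verification error is being overridden for that case.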