Re: [Pulp-list] Repository protection

Wed, 15 Mar 2017 05:49:12 -0700 

Okay... but with this solution i´ve the same CA for all repositories? How
can I use the per repo auth feature like --auth-ca etc...

2017-03-15 13:42 GMT+01:00 Rene L <tuz1...@gmail.com>:

> Solved... i´ve to set the SSLCACertificateFile to the generated ca cert...
> the documentation for this use case looks bad. O;-)
>
> Regards
>
> 2017-03-15 11:15 GMT+01:00 Rene L <tuz1...@gmail.com>:
>
>> Hi,
>>
>> i´ve tried many setups for the configuration, but nothing works for me.
>> I´ve tried the playpen/certs/ example, too. My setup:
>>
>> - basic pulp installation
>> - set the cert/key/ca (ssl.conf) to a trusted ca (comodo)
>> - generate a own ca for repo auth
>> - create a client key/cert with the following extension and sign them
>>
>> > [pulp-repos]
>> > basicConstraints=CA:FALSE
>> > 1.3.6.1.4.1.2312.9.2.0000.1=ASN1:UTF8:yum
>> > 1.3.6.1.4.1.2312.9.2.0000.1.1=ASN1:UTF8:Pulp
>> > 1.3.6.1.4.1.2312.9.2.0000.1.2=ASN1:UTF8:pulp-repo-test
>> > 1.3.6.1.4.1.2312.9.2.0000.1.6=ASN1:UTF8:pulp/repos/test/
>>
>> - enable the auth (repo_auth.conf)
>> - create a test repository and set the --auth-ca parameter to the
>> generated ca
>> - try to get something from the test repo
>>
>> > curl --cacert ./certs/Pulp_CA.cert --cert ./certs/Pulp_client.cert
>> --key ./certs/Pulp_client.key https://%s/pulp/repos/test/
>> > curl: (60) Peer's certificate issuer has been marked as not trusted by
>> the user.
>>
>> > curl --cacert ./certs/Pulp_CA.cert --cert ./certs/Pulp_client.cert
>> --key ./certs/Pulp_client.key https://%s/pulp/repos/test/ -k
>> > curl: (56) Peer does not recognize and trust the CA that issued your
>> certificate.
>>
>> Does anyone can say me, where's my fallacy?
>>
>> Regards
>>
>> 2017-03-13 17:44 GMT+01:00 Rene L <tuz1...@gmail.com>:
>>
>>> Hi Guys,
>>>
>>> I want to protect some repositories, but  just found this blog entry
>>> from 2011:
>>>
>>> http://pulpproject.org/2011/05/18/pulp-protected-repositories/
>>>
>>> The documentation dont works for me. Did you have any other guides for
>>> this usecase?
>>>
>>> Kind regards
>>>
>>
>>
>

_______________________________________________
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list

Reply via email to