| AMSSL(8) | System Administration Commands | AMSSL(8) |
NAME¶
amssl - Program to manage amanda ssl certificates
SYNOPSIS¶
amssl [--client] [--init | --create-ca | --create-server-cert server-host | --create-client-cert client-host [--server server-host] ] [--country country-code] [--state state] [--locality locality] [--organisation organisation] [--organisation-unit organisation-unit] [--common common-name] [--email email] [-o configoption...] [--config config]
DESCRIPTION¶
amssl is a program to manage amanda ssl certificates for the ssl auth. It can create self-signed CA, server certificate and client certificates.
OPTIONS¶
--create-ca
--create-server-cert
--create-client-cert CLIENT-HOSTNAME
--server SERVER-HOSTNAME
--batch
This option is useless if one the fields was not set in the initiatization.
--client
--init
The following options are the one needed by a certificate
--country
--state
--locality
--organisation
--organisation-unit
--common
INITIALISATION¶
Must be run once before any other command
Create a template openssl.cnf file and a configuration file with the value provided, they are used in future command so you do not need to enter them at every invocation.
The value provided must be the one you want in the certificate.
amssl [--client] --init [--country country-code] [--state state] [--locality locality] [--organisation organisation] [--organisation-unit organisation-unit] [--common common-name] [--email email] [-o configoption...] [--config config]
A client is initialized with the --client options.
Create
$SSL_DIR/openssl.cnf.template
$SSL_DIR/openssl.data
CREATE A SELF-SIGNED CA¶
Create a self-signed CA.
amssl --create-ca [--batch] [--config CONFIG]
You can also provide all options of the initialization step
You must enter a new CA passphrase, you must keep it secret and remember it. It will be required every time you need to create a new cetificate.
After you enter the passphrase, it will be asked 3 other times.
Create
$SSL_DIR/CA/crt.pem
$SSL_DIR/CA/private/key.pem
CREATE THE SERVER CERTIFICATE¶
Create the amanda server certificate.
amssl --create-server-cert HOSTNAME [--batch] [--config CONFIG]
You can also provide all options of the initialization step
The CA passphrase is asked.
Create
$SSL_DIR/me/crt.pem
$SSL_DIR/me/fingerprint
$SSL_DIR/me/private/key.pem
$SSL_DIR/remote/HOSTNAME -> ../me
CREATE A CLIENT CERTIFICATE¶
Create a client certificate, sign it by the CA certicate on the server and both server and client learn the remore fingerprint.
DO NOT RUN IT ON SERVER. This will detroy the server certificate
It require to run amssl on the server and client at the same time
ssl-dir must be set in amanda-client.conf on the client.
Both server and client must already be initialized.
Run on the server:
amssl --create-client-cert client-host [--config CONFIG]
It wait for the client to connect and then sign the client certificate, The CA passphrase is asked.
Run on the client:
amssl --client --create-client-cert CLIENT-HOST --server SERVER-HOST [--batch] [--config CONFIG]
Create on server
$SSL_DIR/remote/CLIENT-HOST/fingerprint
Create on client
$SSL_DIR/me/crt.pem
$SSL_DIR/me/fingerprint
$SSL_DIR/me/private/key.pem
$SSL_DIR/remote/SERVER-HOST/fingerprint
EXAMPLE¶
Initialize the server
Create the CA on the server
Create the server certificate
Create a client certificate
On server:
On client:
amssl --client --create-client-cert client.zmanda.com --server server.zmanda.com
SEE ALSO¶
amanda(8), amanda.conf(5), amanda-client.conf(5), amanda(8), amanda-auth(7), amanda-auth-ssl(7)
The Amanda Wiki: : http://wiki.zmanda.com/
AUTHORS¶
James da Silva <jds@amanda.org>
Stefan G. Weichinger <sgw@amanda.org>
| 12/01/2017 | Amanda 3.5.1 |