AMSSL(8) - Linux man page online | Administration and privileged commands
Program to manage amanda ssl certificates.
Chapter
12/01/2017
AMSSL(8) System Administration Commands AMSSL(8)
@email.com'
Create the CA on the server
amssl --create-ca
Create the server certificate
amssl --create-server-cert server.zmanda.com
Create a client certificate
On server:
amssl --create-client-cert client.zmanda.com
On client:
amssl --client --init --country US --state California --locality Sunnyvale
--organisation zmanda --organistion-unit engineering --common boss --email
'@email.com'
amssl --client --create-client-cert client.zmanda.com --server server.zmanda.com
@amanda.org>
Stefan G. Weichinger <
@amanda.org>
NAME
amssl - Program to manage amanda ssl certificatesSYNOPSIS
amssl [--client] [--init | --create-ca | --create-server-cert server-host | --create-client-cert client-host [--server server-host] ] [--country country-code] [--state state] [--locality locality] [--organisation organisation] [--organisation-unit organisation-unit] [--common common-name] [--email email] [-o configoption...] [--config config]DESCRIPTION
amssl is a program to manage amanda ssl certificates for the ssl auth. It can create self-signed CA, server certificate and client certificates.OPTIONS
--create-ca Create a self-signed CA. --create-server-cert Create a server certificate. --create-client-cert CLIENT-HOSTNAME Create a client certificate. --server SERVER-HOSTNAME The amanda server to connect to. --batch use the certificate fields set in the initialization, there is confirmation. This option is useless if one the fields was not set in the initiatization. --client When running amssl on a client. --init Initialize the host. The following options are the one needed by a certificate --country The two letter country code. --state The State. --locality The locality. --organisation The organisation --organisation-unit The organisation unit. --common The common name. --email The email.INITIALISATION
Must be run once before any other command Create a template openssl.cnf file and a configuration file with the value provided, they are used in future command so you do not need to enter them at every invocation. The value provided must be the one you want in the certificate. amssl [--client] --init [--country country-code] [--state state] [--locality locality] [--organisation organisation] [--organisation-unit organisation-unit] [--common common-name] [--email email] [-o configoption...] [--config config] A client is initialized with the --client options. Create $SSL_DIR/openssl.cnf.template $SSL_DIR/openssl.data CREATE A SELF-SIGNED CA Create a self-signed CA. amssl --create-ca [--batch] [--config CONFIG] You can also provide all options of the initialization step You must enter a new CA passphrase, you must keep it secret and remember it. It will be required every time you need to create a new cetificate. After you enter the passphrase, it will be asked 3 other times. Create $SSL_DIR/CA/crt.pem $SSL_DIR/CA/private/key.pemCREATE THE SERVER CERTIFICATE
Create the amanda server certificate. amssl --create-server-cert HOSTNAME [--batch] [--config CONFIG] You can also provide all options of the initialization step The CA passphrase is asked. Create $SSL_DIR/me/crt.pem $SSL_DIR/me/fingerprint $SSL_DIR/me/private/key.pem $SSL_DIR/remote/HOSTNAME -> ../meCREATE A CLIENT CERTIFICATE
Create a client certificate, sign it by the CA certicate on the server and both server and client learn the remore fingerprint. DO NOT RUN IT ON SERVER. This will detroy the server certificate It require to run amssl on the server and client at the same time ssl-dir must be set in amanda-client.conf on the client. Both server and client must already be initialized. Run on the server: amssl --create-client-cert client-host [--config CONFIG] It wait for the client to connect and then sign the client certificate, The CA passphrase is asked. Run on the client: amssl --client --create-client-cert CLIENT-HOST --server SERVER-HOST [--batch] [--config CONFIG] Create on server $SSL_DIR/remote/CLIENT-HOST/fingerprint Create on client $SSL_DIR/me/crt.pem $SSL_DIR/me/fingerprint $SSL_DIR/me/private/key.pem $SSL_DIR/remote/SERVER-HOST/fingerprintEXAMPLE
Initialize the server amssl --init --country US --state California --locality Sunnyvale --organisation zmanda --organistion-unit engineering --common boss --email '@email.com'
Create the CA on the server
amssl --create-ca
Create the server certificate
amssl --create-server-cert server.zmanda.com
Create a client certificate
On server:
amssl --create-client-cert client.zmanda.com
On client:
amssl --client --init --country US --state California --locality Sunnyvale
--organisation zmanda --organistion-unit engineering --common boss --email
'@email.com'
amssl --client --create-client-cert client.zmanda.com --server server.zmanda.com
SEE ALSO
amanda(8), amanda.conf(5), amanda-client.conf(5), amanda(8), amanda-auth(7), amanda-auth- ssl(7) The Amanda Wiki: : http://wiki.zmanda.com/AUTHORS
James da Silva <@amanda.org>
Stefan G. Weichinger <@amanda.org>| This manual | Reference | Other manuals |
|---|---|---|
| amssl(8) | referred by | amanda-auth-ssl(7) |
| refer to | amanda(8) | amanda-auth(7) | amanda-client.conf(5) | amanda.conf(5) | ssl(7) |