SIMPLE SOLUTIONS

AMSSL(8) - Linux man page online | Administration and privileged commands

Program to manage amanda ssl certificates.

Chapter
12/01/2017
AMSSL(8) System Administration Commands AMSSL(8)

NAME

amssl - Program to manage amanda ssl certificates

SYNOPSIS

amssl [--client] [--init | --create-ca | --create-server-cert server-host | --create-client-cert client-host [--server server-host] ] [--country country-code] [--state state] [--locality locality] [--organisation organisation] [--organisation-unit organisation-unit] [--common common-name] [--email email] [-o configoption...] [--config config]

DESCRIPTION

amssl is a program to manage amanda ssl certificates for the ssl auth. It can create self-signed CA, server certificate and client certificates.

OPTIONS

--create-ca Create a self-signed CA. --create-server-cert Create a server certificate. --create-client-cert CLIENT-HOSTNAME Create a client certificate. --server SERVER-HOSTNAME The amanda server to connect to. --batch use the certificate fields set in the initialization, there is confirmation. This option is useless if one the fields was not set in the initiatization. --client When running amssl on a client. --init Initialize the host. The following options are the one needed by a certificate --country The two letter country code. --state The State. --locality The locality. --organisation The organisation --organisation-unit The organisation unit. --common The common name. --email The email.

INITIALISATION

Must be run once before any other command Create a template openssl.cnf file and a configuration file with the value provided, they are used in future command so you do not need to enter them at every invocation. The value provided must be the one you want in the certificate. amssl [--client] --init [--country country-code] [--state state] [--locality locality] [--organisation organisation] [--organisation-unit organisation-unit] [--common common-name] [--email email] [-o configoption...] [--config config] A client is initialized with the --client options. Create $SSL_DIR/openssl.cnf.template $SSL_DIR/openssl.data CREATE A SELF-SIGNED CA Create a self-signed CA. amssl --create-ca [--batch] [--config CONFIG] You can also provide all options of the initialization step You must enter a new CA passphrase, you must keep it secret and remember it. It will be required every time you need to create a new cetificate. After you enter the passphrase, it will be asked 3 other times. Create $SSL_DIR/CA/crt.pem $SSL_DIR/CA/private/key.pem

CREATE THE SERVER CERTIFICATE

Create the amanda server certificate. amssl --create-server-cert HOSTNAME [--batch] [--config CONFIG] You can also provide all options of the initialization step The CA passphrase is asked. Create $SSL_DIR/me/crt.pem $SSL_DIR/me/fingerprint $SSL_DIR/me/private/key.pem $SSL_DIR/remote/HOSTNAME -> ../me

CREATE A CLIENT CERTIFICATE

Create a client certificate, sign it by the CA certicate on the server and both server and client learn the remore fingerprint. DO NOT RUN IT ON SERVER. This will detroy the server certificate It require to run amssl on the server and client at the same time ssl-dir must be set in amanda-client.conf on the client. Both server and client must already be initialized. Run on the server: amssl --create-client-cert client-host [--config CONFIG] It wait for the client to connect and then sign the client certificate, The CA passphrase is asked. Run on the client: amssl --client --create-client-cert CLIENT-HOST --server SERVER-HOST [--batch] [--config CONFIG] Create on server $SSL_DIR/remote/CLIENT-HOST/fingerprint Create on client $SSL_DIR/me/crt.pem $SSL_DIR/me/fingerprint $SSL_DIR/me/private/key.pem $SSL_DIR/remote/SERVER-HOST/fingerprint

EXAMPLE

Initialize the server amssl --init --country US --state California --locality Sunnyvale --organisation zmanda --organistion-unit engineering --common boss --email '@email.com' Create the CA on the server amssl --create-ca Create the server certificate amssl --create-server-cert server.zmanda.com Create a client certificate On server: amssl --create-client-cert client.zmanda.com On client: amssl --client --init --country US --state California --locality Sunnyvale --organisation zmanda --organistion-unit engineering --common boss --email '@email.com' amssl --client --create-client-cert client.zmanda.com --server server.zmanda.com

SEE ALSO

amanda(8), amanda.conf(5), amanda-client.conf(5), amanda(8), amanda-auth(7), amanda-auth- ssl(7) The Amanda Wiki: : http://wiki.zmanda.com/

AUTHORS

James da Silva <@amanda.org> Stefan G. Weichinger <@amanda.org>
Amanda 3.5.1 12/01/2017 AMSSL(8)
This manual Reference Other manuals
amssl(8) referred by amanda-auth-ssl(7)
refer to amanda(8) | amanda-auth(7) | amanda-client.conf(5) | amanda.conf(5) | ssl(7)
Download raw manual
Main page System Administration Commands (+71) Amanda 3&.5&.1 (+66) № 8 (+5755)
Go top