LinuxQuestions.org
Old 02-01-2008, 04:49 PM   #1
dreamer.redeemer
LQ Newbie
 
Registered: Jan 2008
Distribution: Ubuntu, Suse 11, etc...
Posts: 20

Rep: Reputation: 0
ssl self signed certificate


I'm trying to set up sftp on this box (as per this guide) and have run into an issue with ssl certificate verification:

Code:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@grieserver:/etc/ftpcert# ./sign.sh server.csr
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'Utah'
localityName          :PRINTABLE:'...'
organizationName      :PRINTABLE:'...'
commonName            :PRINTABLE:'...'
emailAddress          :IA5STRING:'...'
Certificate is to be certified until Jan 31 22:22:01 2009 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=US/ST=Utah/...
error 18 at 0 depth lookup:self signed certificate
/C=US/ST=Utah/....
error 7 at 0 depth lookup:certificate signature failure
7187:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
7187:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:699:
7187:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168:
As usual I'm sure I'm doing something blatantly wrong... help is always well appreciated.
 
Old 02-02-2008, 10:16 PM   #2
baldur_the_god
Member
 
Registered: Feb 2007
Posts: 54

Rep: Reputation: 15
ssl self signed

the problem is with this line...obviously

root@grieserver:/etc/ftpcert# ./sign.sh server.csr

this is a bad line...it is the problem. you should switch to the directory

cd /etc/ftpcert (notice here you should not have the # in there)

and then set it to sign the certificate

./sign.sh server.csr

by the way sftpd (or maybe vftpd...i have not used this in a while) is a better program than proftpd...

search this in the forum and look it up...

consider why you need a secure connection to a ftp server...as long as the password and log in are passed secure, after that, it is usually transferring large files over the internet and if that is encrypted, you are giving many, many unique chances to crack the encryption...defeating the purpose of the encryption itself...

baldur

Last edited by win32sux; 02-08-2008 at 01:46 PM. Reason: Removed SPAM.
 
Old 02-02-2008, 11:31 PM   #3
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151
Quote:
Originally Posted by baldur_the_god
after that, it is usually transferring large files over the internet and if that is encrypted, you are giving many, many unique chances to crack the encryption...defeating the purpose of the encryption itself...
Could you clarify this please? Are you saying that using SSL for large file transfers is bad because it gives people more of a chance to crack the encryption? Could you provide some links to more info about why transferring files via SSL over FTP is a concern?
 
  

