LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 03-31-2008, 09:20 PM   #1
RAdams
Member
 
Registered: May 2006
Location: Cincinnati, Ohio
Distribution: Ubuntu
Posts: 256

Rep: Reputation: 30
Force Accept Certificates when Using mount.davfs?


NOTES:
  1. I provided as much detail as I thought relevant. It may be overload, which is why I included "The Short Story".
  2. The URIs and confidential information was deliberately obfuscated, but the content is otherwise verbatim.
  3. I'm not sure if I need to involve the davfs2.conf here, it doesn't seem to have any helpful options for this problem. FWIW, mine is unchanged from defaults.
  4. Yes, I realize I could just purchase an SSL cert and this warning would go away, that's not the point.

The Short Story:
I'm in need of a way to bypass the untrusted server warning you get when mounting a secure WebDAV share with davfs2, or a workaround that does effectively the same thing. That's probably not enough to go on, so...

The Long Story:
CPanel 11 has this great WebDAV interface called "Web Disk". It's just an easy-to-configure WebDAV share, using SSL to talk on port 2078. However, their instructions for accessing the share with Gnome are rubbish, so I had to find my own path.

I found the package davfs2, which meets my needs... almost. I can use it to make an fstab entry like:
Code:
https://example.com:2078 /media/example.com davfs uid=user,gid=group 0 0
Then in /etc/davfs2/secrets:
Code:
https://example.com:2078    username        password
This does what I'm looking for: mounts the Secure WebDAV share to /media/example.com using a given username/password.

BUT, it prompts each time with a security warning:
Code:
/sbin/mount.davfs: the server certificate does not match the server name
/sbin/mount.davfs: the server certificate is not trusted
  issuer:      Unknown, Unknown, Unknown, Unknown, US
  subject:     Unknown, Unknown, Unknown, Unknown, US
  identity:    host.example.com
  fingerprint: a1:1a:11:af:11:11:11:1f:11:ad:1c:11:1a:11:11:11:aa:1b:db:fd
You only should accept this certificate, if you can
verify the fingerprint! The server might be faked
or there might be a man-in-the-middle-attack.
Accept certificate for this session? [y,N]
I can't figure out how to avoid this prompt. I saw this in /etc/davfs2/secrets:
Code:
# Password for Client Certificate
# -------------------------------
# It must contain the name of the certifcate file and the encryption passord.

# Examples
# otto_private.crt              "this is extraordinary secret"
# "otto private.crt"            this\ is\ secret,\ too.
So I generated a self-signed certificate (via WHM, but that's just a frontend) and saved it as example.crt in /etc/davfs2/certs:

Code:
-----BEGIN CERTIFICATE-----
AREALLYLONGSTRINGOFNUMBERSANDLETTERS1234
-----END CERTIFICATE-----
Then put this into secrets:
Code:
/etc/davfs2/certs/example.crt  password
Nothing. I also tried it without the absolute path. Do I need to put the RSA key into private or something? I'm not clear on how the Certificates work here.

So what can I do to avoid that warning every time I start up or mount the share?

Last edited by RAdams; 03-31-2008 at 09:25 PM. Reason: Added note about davefs2.conf
 
Old 09-25-2008, 04:23 AM   #2
cogo
LQ Newbie
 
Registered: Oct 2006
Location: Norway
Distribution: Ubuntu
Posts: 3

Rep: Reputation: 0
Did you find a solution to this? I am trying to do the same thing.
 
Old 10-22-2008, 09:28 AM   #3
ycoenradie
LQ Newbie
 
Registered: Oct 2008
Posts: 1

Rep: Reputation: 0
servercert

What worked for me was to add the CA certificate to the PEM file containing the server certificate. The CA certificate should be placed in front of the server certificate in the PEM file:

root@client:/etc/davfs2/certs# cat server.pem
-----BEGIN CERTIFICATE-----
ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF0123456
; CA certificate
ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF0123456
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF0123456
; server certificate
ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF0123456
-----END CERTIFICATE-----
 
  


Reply

Tags
certificate, crt, ssl, webdav


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Where do I get mount.davfs from yum? Rotwang Red Hat 2 09-16-2007 12:42 PM
Force mount, SuSe linqz Linux - Newbie 2 11-08-2006 09:25 AM
How do I force xorg.conf to accept certain refresh rate? ExCIA Debian 9 08-06-2006 08:11 PM
Kontact will not accept self signed certificates apostate Linux - Software 0 03-01-2006 01:58 AM
Locked Archive or Installer to force end users to accept a license agreement diven Linux - General 1 05-03-2005 07:45 PM


All times are GMT -5. The time now is 01:20 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration