XMLRPC and OpenSSL switch to aes encryption
21 views
Skip to first unread message
Mitchell Carroll
Feb 21, 2019, 3:02:12 PM2/21/19
to emulab-admins
I have a user that needs to use XMLRPC with our emulab installation. They've tried to use the web interface to generate their certificate, but it appears to be using des encryption instead of aes, which isn't supported by what they need it for. Is there a way for me to change the way this works through the web interface, or would I need to generate a key manually on boss?
Thanks,
Mitchell
Leigh Stoller
Feb 21, 2019, 3:27:15 PM2/21/19
to emulab...@googlegroups.com
> I have a user that needs to use XMLRPC with our emulab installation. They've tried to use the web interface to generate their certificate, but it appears to be using des encryption instead of aes, which isn't supported by what they need it for. Is there a way for me to change the way this works through the web interface, or would I need to generate a key manually on boss?
specify -des3 … you can change this, although that will make it hard
to reuse existing encrypted keys.
Leigh
Mitchell Carroll
Feb 21, 2019, 4:23:53 PM2/21/19
to emulab-admins
To make this change I would have to edit the file in /usr/testbed/src/testbed, then run configure in the obj directory the same way as in the installation, correct? Would I only need to do this on boss, or will it complain if it's not the same on ops?
Mitchell
Leigh Stoller
Feb 21, 2019, 6:16:29 PM2/21/19
to emulab...@googlegroups.com
>
> To make this change I would have to edit the file in /usr/testbed/src/testbed, then run configure in the obj directory the same way as in the installation, correct? Would I only need to do this on boss, or will it complain if it's not the same on ops?
Hi. After you edit the file:
> To make this change I would have to edit the file in /usr/testbed/src/testbed, then run configure in the obj directory the same way as in the installation, correct? Would I only need to do this on boss, or will it complain if it's not the same on ops?
boss> cd /usr/testbed/obj/testbed/account
boss> gmake
boss> sudo gmake install
Thats it.
Leigh
Mitchell Carroll
Feb 25, 2019, 1:12:31 PM2/25/19
to emulab-admins
I put in the changes but now when we try to generate a new certificate it gives an empty error text and doesn't work, I'm not sure how to find out what's going wrong with it now.
Thanks,
Mitch
Leigh Stoller
Feb 25, 2019, 1:17:11 PM2/25/19
to emulab...@googlegroups.com
at 10:12 AM, Mitchell Carroll <mitchell....@gmail.com> wrote:
> I put in the changes but now when we try to generate a new certificate it gives an empty error text and doesn't work, I'm not sure how to find out what's going wrong with it now.
You can try this:
> I put in the changes but now when we try to generate a new certificate it gives an empty error text and doesn't work, I'm not sure how to find out what's going wrong with it now.
boss> wap mkusercert -d -p xxxyyy someuser
and see what it complains about.
Leigh
Mitchell Carroll
Feb 25, 2019, 2:04:45 PM2/25/19
to emulab-admins
Thanks, that worked! The output for that was the usage information for the genrsa command, from which I learned I was using the wrong option for aes ( I had '-aes-256-cbc' and the correct form was '-aes256'), I replaced them all and the user was able to generate a new certificate.
Mitch
Reply all
Reply to author
Forward
0 new messages