[Box Backup] Questions about Certs

Chris Wilson chris at qwirx.com
Wed Jun 30 12:00:33 BST 2010

Hi Lee,

On Wed, 30 Jun 2010, Chris Wilson wrote:

> To be honest the system is more secure if you run your own CA than if 
> you let someone else sign client certificates for you. Also the common 
> name must be completely under your control. I don't think GoDaddy will 
> let you do what you need to do for this to work.

In retrospect I could have expressed that better:

* I think it should be OK to sign the *server* certificate with GoDaddy. 
Give the GoDaddy end certificate (extracted from the CA bundle) to the 
clients as serverCA.pem (to avoid chain verification issues).

* I don't think you can sign *client* certificates with GoDaddy because 
they won't give you a signed certificate with a Common Name like BACKUP-4, 
which is what bbstored needs. So you still need to create your own CA, 
sign the client certificates with it, and put the generated clientCA.pem 
onto the bbstored server.

Cheers, Chris.
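The split described above, as an added example rather than Box Backup's own bbstored-certs tooling: a private CA issues the client certificate with the account name (BACKUP-4) as its Common Name, and a chain check confirms that a candidate CA file (clientCA.pem here, or a serverCA.pem pulled out of a public CA bundle) is really the issuer of a given certificate. It assumes openssl is on PATH; the working directory and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not Box Backup's own bbstored-certs tooling. Builds a private
# client CA, issues a client certificate whose Common Name is the bbstored
# account name (BACKUP-4), and checks that a certificate really chains to a
# given CA file, the same check you would apply to a serverCA.pem extracted
# from a public CA bundle. Assumes openssl is on PATH; all paths are hypothetical.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# Create a self-signed CA: $WORK/NAME.key and $WORK/NAME.pem (the latter is
# what goes onto the bbstored server as clientCA.pem).
make_ca() {
    name="$1"; subject="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$WORK/$name.key" -out "$WORK/$name.pem" \
        -subj "/CN=$subject" >/dev/null 2>&1
}

# Issue a client certificate for account ACCT signed by CA NAME. The CN must be
# exactly the account name, which is why a public CA cannot do this step.
issue_cert() {
    ca="$1"; acct="$2"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$WORK/$acct.key" -out "$WORK/$acct.csr" \
        -subj "/CN=$acct" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/$acct.csr" -days 365 \
        -CA "$WORK/$ca.pem" -CAkey "$WORK/$ca.key" -CAcreateserial \
        -out "$WORK/$acct.pem" >/dev/null 2>&1
}

# Print a certificate's subject or issuer in RFC 2253 form (e.g. CN=BACKUP-4).
cert_subject() { openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | sed 's/^subject= *//'; }
cert_issuer()  { openssl x509 -noout -issuer  -nameopt RFC2253 -in "$1" | sed 's/^issuer= *//'; }

# Does CERT chain to CAFILE? True only if CAFILE's subject is CERT's issuer and
# the signature verifies; the wrong certificate picked out of a CA bundle
# fails here rather than at the first real connection.
chains_to() {
    cafile="$1"; cert="$2"
    [ "$(cert_issuer "$cert")" = "$(cert_subject "$cafile")" ] || return 1
    openssl verify -CAfile "$cafile" "$cert" >/dev/null 2>&1
}
```

Run `make_ca clientCA "Backup client CA"` followed by `issue_cert clientCA BACKUP-4`, then `chains_to "$WORK/clientCA.pem" "$WORK/BACKUP-4.pem"` to confirm the server-side view before copying clientCA.pem across.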

