[Box Backup] Certificate information
chris at qwirx.com
Tue Nov 6 15:38:34 GMT 2012
On Tue, 6 Nov 2012, Peter Jalajas, GigaLock Backup Services wrote:
> Maybe someone can explain each of those files for us?
clientCA.pem: the CA which signs all client certificates. The server
requires a client's certificate to be signed by this CA, or will not allow
it to connect. All servers must have a copy of clientCA.pem to verify

clientRootKey.pem: the key associated with clientCA.pem (I think).

clientRootCSR.pem: a temporary certificate signing request generated in
the process of producing the self-signed client CA certificate

clientCA.srl: the serial number of the last certificate issued by the
client CA. OpenSSL keeps this in a file to avoid issuing certificates with
duplicate serial numbers.

serverCA.pem, serverRootKey.pem, serverRootCSR.pem, serverCA.srl: as above
but for servers. Clients require that any server which they connect to,
presents a certificate signed by serverCA.pem. All clients must have a
copy of serverCA.pem to verify this.

<ServerNickName>-cert.pem: the actual certificate issued to each client.
Clients generate a key and CSR locally, send the CSR to the CA, which
signs it (producing this certificate file as output) and returns it.
> I hope at least part of that is helpful to someone. Suggestions and
> corrections welcome. I can put this on the trac wiki if anyone thinks
> it'll help.
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <chris+sig at qwirx.com> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
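
The file roles described in the message above, reproduced with plain openssl commands as an added example (not part of the original post and not Box Backup's own certificate tooling). The `-key.pem`, `-csr.pem` and `-ext.cnf` file names, the subjects, key sizes, lifetimes and the client name `example` are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not Box Backup's own certificate script.
# CA file names follow the message above; subjects, lifetimes, helper file
# names and the client name "example" are constructed.

# make_ca DIR PREFIX: key -> CSR -> self-signed CA certificate.
# Writes PREFIXRootKey.pem, PREFIXRootCSR.pem and PREFIXCA.pem into DIR.
make_ca() {
    printf 'basicConstraints=critical,CA:TRUE\n' > "$1/$2-ext.cnf"
    openssl genrsa -out "$1/$2RootKey.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2RootKey.pem" -subj "/CN=Example $2 CA" \
        -out "$1/$2RootCSR.pem" &&
    openssl x509 -req -in "$1/$2RootCSR.pem" -signkey "$1/$2RootKey.pem" \
        -extfile "$1/$2-ext.cnf" -days 365 -out "$1/$2CA.pem" 2>/dev/null
}

# issue_client DIR NAME: the client makes a key and CSR locally; the client
# CA signs the CSR and records the serial it used in clientCA.srl.
issue_client() {
    openssl genrsa -out "$1/$2-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2-key.pem" -subj "/CN=$2" -out "$1/$2-csr.pem" &&
    openssl x509 -req -in "$1/$2-csr.pem" -CA "$1/clientCA.pem" \
        -CAkey "$1/clientRootKey.pem" -CAserial "$1/clientCA.srl" \
        -CAcreateserial -days 365 -out "$1/$2-cert.pem" 2>/dev/null
}

# signed_by CAFILE CERT: succeeds only if CERT chains to CAFILE.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_serial CERT: print the certificate's serial number as hex.
cert_serial() {
    openssl x509 -in "$1" -noout -serial | cut -d= -f2
}

# Demo: a certificate issued by the client CA is accepted against
# clientCA.pem and rejected against the unrelated serverCA.pem.
dir=$(mktemp -d)
make_ca "$dir" client && make_ca "$dir" server && issue_client "$dir" example
signed_by "$dir/clientCA.pem" "$dir/example-cert.pem" && echo "accepted by clientCA.pem"
signed_by "$dir/serverCA.pem" "$dir/example-cert.pem" || echo "rejected by serverCA.pem"
echo "last serial in clientCA.srl: $(cat "$dir/clientCA.srl")"
```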