[Box Backup] Invalid signed Box Backup server certificate
Jack Warkentin
jwark at bellaliant.net
Fri Feb 7 19:01:01 GMT 2020
Hi

I have been having difficulty installing Box Backup on my Debian system.
This morning I did a complete reinstall of both the server and the
client. I didn't check the logs after starting the server, but when I
had everything apparently successfully installed I discovered that the
server would not start properly.

So I purged the client and server packages and did a complete reinstall
of the server. After trying to start the server I checked the logs and
discovered these error messages.

Feb 7 14:24:08 JaxToyMB bbstored[22790]: ERROR: SSL or crypto error: loading private key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Feb 7 14:24:08 JaxToyMB bbstored[22790]: WARNING: Exception thrown: ServerException(TLSLoadPrivateKeyFailed) (Failed to load private key from /etc/boxbackup/bbstored/JaxToyMB-key.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) at lib/server/TLSContext.cpp:140
Feb 7 14:24:08 JaxToyMB bbstored[22790]: FATAL: Terminating due to exception TLSLoadPrivateKeyFailed: Failed to load private key from /etc/boxbackup/bbstored/JaxToyMB-key.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch (3/26)

These were the same errors that occurred during the previous attempt.
Since I had just gone through what I thought was a perfect installation,
I have no understanding of how this could have happened.

I have attached a file containing the complete record of the latest
attempt. It has long lines, some greater than 190 chars (the max my
screen can hold). Any help you can give as to what I am doing wrong
would be much appreciated.

Regards

Jack
Jack Warkentin, phone 902-404-0457, email jwark at bellaliant.net
39 Inverness Avenue, Halifax, Nova Scotia, Canada, B3P 1X6
-------------- next part --------------
# dpkg-query -l 'boxbackup*'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-================-=============================-============-=============================================
ii boxbackup-client 0.13~~git20180313.g16a11e86-2 amd64 client for the BoxBackup remote backup system
ii boxbackup-server 0.13~~git20180313.g16a11e86-2 amd64 server for the BoxBackup remote backup system
# dpkg -P boxbackup-server
(Reading database ... 105712 files and directories currently installed.)
Removing boxbackup-server (0.13~~git20180313.g16a11e86-2) ...
Stopping boxbackup-server: bbstored.
Purging configuration files for boxbackup-server (0.13~~git20180313.g16a11e86-2) ...
Removing user `bbstored' ...
Warning: group `bbstored' has no more members.
Done.
dpkg-statoverride: warning: no override present
dpkg: warning: while removing boxbackup-server, directory '/usr/share/doc/boxbackup-server' not empty so not removed
dpkg: warning: while removing boxbackup-server, directory '/etc/boxbackup/bbstored' not empty so not removed
Processing triggers for man-db (2.8.5-2) ...
# rm -r /etc/boxbackup/bbstored
# rm -r /usr/share/doc/boxbackup-server
# dpkg -P boxbackup-client
(Reading database ... 105683 files and directories currently installed.)
Removing boxbackup-client (0.13~~git20180313.g16a11e86-2) ...
Stopping boxbackup-client: bbackupd.
Purging configuration files for boxbackup-client (0.13~~git20180313.g16a11e86-2) ...
dpkg: warning: while removing boxbackup-client, directory '/etc/boxbackup/bbackupd' not empty so not removed
Processing triggers for man-db (2.8.5-2) ...
# rm -r /etc/boxbackup/bbackupd
#
# pwd
/home/jcw
# cd Main/Maintenance/JaxToyMB2/Packages\&Etc/
# ls
./ boxbackup-client_0.13~~git20180313.g16a11e86-2_amd64.deb boxbackup-server_0.13~~git20180313.g16a11e86-2_amd64.deb ca/
../ boxbackup-client_0.13~~git20190527.g039c4a1-2_amd64.deb boxbackup-server_0.13~~git20190527.g039c4a1-2_amd64.deb libelogind0_241.3-1+debian3_amd64.deb
# dpkg -i boxbackup-server_0.13~~git20190527.g039c4a1-2_amd64.deb
Selecting previously unselected package boxbackup-server.
(Reading database ... 105659 files and directories currently installed.)
Preparing to unpack boxbackup-server_0.13~~git20190527.g039c4a1-2_amd64.deb ...
Unpacking boxbackup-server (0.13~~git20190527.g039c4a1-2) ...
Setting up boxbackup-server (0.13~~git20190527.g039c4a1-2) ...
Creating bbstored user.
Adding system user `bbstored' (UID 102) ...
Adding new group `bbstored' (GID 103) ...
Adding new user `bbstored' (UID 102) with group `bbstored' ...
Not creating home directory `/var'.
Processing triggers for man-db (2.8.5-2) ...
# cd /etc/boxbackup/
# ls
./ ../ bbstoreaccounts.memleaks bbstored/ bbstored.memleaks CA/
# find . -type f -exec ls -al \{\} \;
-rw-r----- 1 bbstored bbstored 0 Feb 7 10:46 ./bbstored.memleaks
-rw-r----- 1 root root 985 Feb 7 10:04 ./CA/clients/1-cert.pem
-rw-r----- 1 root root 3 Feb 7 09:39 ./CA/roots/serverCA.srl
-rw-r----- 1 root root 1034 Feb 7 09:34 ./CA/roots/clientCA.pem
-rw-r----- 1 root root 1034 Feb 7 09:34 ./CA/roots/serverCA.pem
-rw-r----- 1 root root 3 Feb 7 10:04 ./CA/roots/clientCA.srl
-rw------- 1 root root 1679 Feb 7 09:34 ./CA/keys/clientRootKey.pem
-rw-r----- 1 root root 911 Feb 7 09:34 ./CA/keys/clientRootCSR.pem
-rw------- 1 root root 1679 Feb 7 09:34 ./CA/keys/serverRootKey.pem
-rw-r----- 1 root root 911 Feb 7 09:34 ./CA/keys/serverRootCSR.pem
-rw-r----- 1 root root 1009 Feb 7 09:39 ./CA/servers/Backup-cert.pem
-rw-r----- 1 root root 0 Feb 7 09:49 ./bbstoreaccounts.memleaks
# rm bbstoreaccounts.memleaks bbstored.memleaks
# rm -r bbstored/ CA/
# ls
./ ../
# pwd
/etc/boxbackup
# raidfile-config /etc/boxbackup 8192 ^C
# ls /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/
./ ../ backup/
# ls /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup/
./ ../ 00000001/ bbstoreaccounts.memleaks
# rm /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup/bbstoreaccounts.memleaks
# ls /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup/
./ ../ 00000001/
# ls /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup/00000001/
./ ../ info.rfw o01.rfw refcount.rdb.rfw
# rm -r /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup/
# ls /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/
./ ../
# raidfile-config /etc/boxbackup 8192 /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup
WARNING: userland RAID is disabled.
Config file written.
# pwd
/etc/boxbackup
# ls
./ ../ raidfile.conf
# cat raidfile.conf
disc0
{
SetNumber = 0
BlockSize = 8192
Dir0 = /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup
Dir1 = /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup
Dir2 = /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup
}
# bbstored-config /etc/boxbackup JaxToyMB bbstored
Checking permissions on /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup
bbstored doesn't appear to have the necessary permissions on /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup
Either adjust permissions, or create a directory 'backup' inside the
directory specified in raidfile.conf which is writable.
# ll /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup
total 8.2k
drwxr-x--- 2 root root 4.1k 2020-02-07 13:53 ./
drwxr-xr-x 5 root root 4.1k 2020-01-18 15:03 ../
# mkdir /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup
# ll /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup
total 8.2k
drwxr-x--- 2 root root 4.1k 2020-02-07 13:57 ./
drwxr-x--- 3 root root 4.1k 2020-02-07 13:57 ../
# ll /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup
total 13k
drwxr-x--- 3 root root 4.1k 2020-02-07 13:57 ./
drwxr-xr-x 5 root root 4.1k 2020-01-18 15:03 ../
drwxr-x--- 2 root root 4.1k 2020-02-07 13:57 backup/
# chown bbstored:bbstored /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup
# bbstored-config /etc/boxbackup JaxToyMB bbstored
Checking permissions on /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup
Checking permissions on /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup
Checking permissions on /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup
Setup bbstored config utility.
Configuration:
Writing configuration file: /etc/boxbackup/bbstored.conf
Writing empty accounts file: /etc/boxbackup/bbstored/accounts.txt
Server hostname: JaxToyMB
RaidFile config: /etc/boxbackup/raidfile.conf
Creating /etc/boxbackup/bbstored
Creating blank accounts file
Generating private key...
Generating RSA private key, 2048 bit long modulus (2 primes)
............+++++
................................................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (e.g. server FQDN or YOUR name) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:
Writing configuration file /etc/boxbackup/bbstored.conf
===================================================================
bbstored basic configuration complete.
What you need to do now...
1) Sign /etc/boxbackup/bbstored/JaxToyMB-csr.pem
using the bbstored-certs utility.
2) Install the server certificate and root CA certificate as
/etc/boxbackup/bbstored/JaxToyMB-cert.pem
/etc/boxbackup/bbstored/clientCA.pem
3) You may wish to read the configuration file
/etc/boxbackup/bbstored.conf
and adjust as appropraite.
4) Create accounts with bbstoreaccounts
5) Start the backup store daemon with the command
/usr/local/sbin/bbstored
in /etc/rc.local, or your local equivalent.
===================================================================
# bbstored-certs CA init
Generating RSA private key, 2048 bit long modulus (2 primes)
.........+++++
...................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (e.g. server FQDN or YOUR name) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:
Signature ok
subject=CN = Backup system client root
Getting Private key
Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
...........................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (e.g. server FQDN or YOUR name) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:
Signature ok
subject=CN = Backup system server root
Getting Private key
# ls CA
./ ../ clients/ keys/ roots/ servers/
# ls CA/[ckrs]*
CA/clients:
./ ../
CA/keys:
./ ../ clientRootCSR.pem clientRootKey.pem serverRootCSR.pem serverRootKey.pem
CA/roots:
./ ../ clientCA.pem clientCA.srl serverCA.pem serverCA.srl
CA/servers:
./ ../
# bbstored-certs CA sign-server CA/keys/serverRootCSR.pem
This certificate is for backup server
Backup
Signing the wrong certificate compromises the security of your backup system.
Would you like to sign this certificate? (type 'yes' to confirm)
yes
Signature ok
subject=CN = Backup system server root
Getting CA Private Key
Certificate signed.
Install the files
CA/servers/Backup-cert.pem
CA/roots/clientCA.pem
on the server.
# cp -p CA/servers/Backup-cert.pem /etc/boxbackup/bbstored/JaxToyMB-csr.pem
# cp -p CA/roots/clientCA.pem /etc/boxbackup/bbstored/clientCA.pem
# vi bbstored.conf
# bbstoreaccounts create 1 0 400GB 450GB
NOTICE: Account 0x00000001 created.
# ll /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup
total 13k
drwxr-x--- 3 bbstored bbstored 4.1k 2020-02-07 14:07 ./
drwxr-x--- 3 root root 4.1k 2020-02-07 13:57 ../
drwxr-x--- 2 bbstored bbstored 4.1k 2020-02-07 14:07 00000001/
# ll /JaxToyHardDrvBoxBackup/BackupDirForBoxBackup/backup/00000001/
total 21k
drwxr-x--- 2 bbstored bbstored 4.1k 2020-02-07 14:07 ./
drwxr-x--- 3 bbstored bbstored 4.1k 2020-02-07 14:07 ../
-rw-r----- 1 bbstored bbstored 128 2020-02-07 14:07 info.rfw
-rw-r----- 1 bbstored bbstored 40 2020-02-07 14:07 o01.rfw
-rw-r----- 1 bbstored bbstored 12 2020-02-07 14:07 refcount.rdb.rfw
# /etc/init.d/boxbackup-server start
# less /var/log/syslog
# vi /etc/init.d/boxbackup-server
# /etc/init.d/boxbackup-server start
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ DAEMON=/usr/sbin/bbstored
+ NAME=bbstored
+ DESC=boxbackup-server
+ CONF=/etc/boxbackup/bbstored.conf
+ test -f /usr/sbin/bbstored
+ test -f /etc/boxbackup/bbstored.conf
+ grep PidFile /etc/boxbackup/bbstored.conf
+ sed s/[[:space:]]*PidFile[[:space:]]*=[[:space:]]*\(\/[A-Za-z0-9/]*\)/\1/
+ PIDFILE=/var/run/bbstored.pid
+ grep CertificateFile /etc/boxbackup/bbstored.conf
+ sed s/[[:space:]]*CertificateFile[[:space:]]*=[[:space:]]*\(\/[A-Za-z0-9/]*\)/\1/
+ CERTFILE=/etc/boxbackup/bbstored/JaxToyMB-cert.pem
+ [ -z /var/run/bbstored.pid ]
+ [ ! -e /etc/boxbackup/bbstored/JaxToyMB-cert.pem ]
+ exit 0
# ll /etc/boxbackup/bbstored/JaxToyMB-cert.pem
ls: cannot access '/etc/boxbackup/bbstored/JaxToyMB-cert.pem': No such file or directory
# ll /etc/boxbackup/bbstored/
total 25k
drwxr-x--- 2 root root 4.1k 2020-02-07 14:05 ./
drwxr-xr-x 4 root root 4.1k 2020-02-07 14:07 ../
-rw-r----- 1 root root 4 2020-02-07 14:07 accounts.txt
-rw-r----- 1 root root 1.1k 2020-02-07 14:00 clientCA.pem
-rw-r----- 1 root root 1.1k 2020-02-07 14:02 JaxToyMB-csr.pem
-rw------- 1 root root 1.7k 2020-02-07 13:58 JaxToyMB-key.pem
# hist | grep -e JaxToyMB-csr.pem
482 cp -p bbstored/JaxToyMB-csr.pem /JaxToyHardDrvBoxBackup/extras/boxbackup/bbstored/JaxToyMB-csr.pem
540 cp -p CA/servers/Backup-cert.pem /etc/boxbackup/bbstored/JaxToyMB-csr.pem
552 hist | grep -e JaxToyMB-csr.pem
# pwd
/etc/boxbackup
# mv bbstored/JaxToyMB-csr.pem bbstored/JaxToyMB-cert.pem
# /etc/init.d/boxbackup-server start
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ DAEMON=/usr/sbin/bbstored
+ NAME=bbstored
+ DESC=boxbackup-server
+ CONF=/etc/boxbackup/bbstored.conf
+ test -f /usr/sbin/bbstored
+ test -f /etc/boxbackup/bbstored.conf
+ grep PidFile /etc/boxbackup/bbstored.conf
+ sed s/[[:space:]]*PidFile[[:space:]]*=[[:space:]]*\(\/[A-Za-z0-9/]*\)/\1/
+ PIDFILE=/var/run/bbstored.pid
+ grep CertificateFile /etc/boxbackup/bbstored.conf
+ sed s/[[:space:]]*CertificateFile[[:space:]]*=[[:space:]]*\(\/[A-Za-z0-9/]*\)/\1/
+ CERTFILE=/etc/boxbackup/bbstored/JaxToyMB-cert.pem
+ [ -z /var/run/bbstored.pid ]
+ [ ! -e /etc/boxbackup/bbstored/JaxToyMB-cert.pem ]
+ set -e
+ echo -n Starting boxbackup-server:
Starting boxbackup-server: + start-stop-daemon --start --quiet --pidfile /var/run/bbstored.pid --exec /usr/sbin/bbstored -- /etc/boxbackup/bbstored.conf
+ echo bbstored.
bbstored.
+ exit 0
# less /var/log/syslog
# /etc/init.d/boxbackup-server stop
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ DAEMON=/usr/sbin/bbstored
+ NAME=bbstored
+ DESC=boxbackup-server
+ CONF=/etc/boxbackup/bbstored.conf
+ test -f /usr/sbin/bbstored
+ test -f /etc/boxbackup/bbstored.conf
+ grep PidFile /etc/boxbackup/bbstored.conf
+ sed s/[[:space:]]*PidFile[[:space:]]*=[[:space:]]*\(\/[A-Za-z0-9/]*\)/\1/
+ PIDFILE=/var/run/bbstored.pid
+ grep CertificateFile /etc/boxbackup/bbstored.conf+
sed s/[[:space:]]*CertificateFile[[:space:]]*=[[:space:]]*\(\/[A-Za-z0-9/]*\)/\1/
+ CERTFILE=/etc/boxbackup/bbstored/JaxToyMB-cert.pem
+ [ -z /var/run/bbstored.pid ]
+ [ ! -e /etc/boxbackup/bbstored/JaxToyMB-cert.pem ]
+ set -e
+ echo -n Stopping boxbackup-server:
Stopping boxbackup-server: + start-stop-daemon --oknodo --stop --quiet --pidfile /var/run/bbstored.pid --exec /usr/sbin/bbstored
+ echo bbstored.
bbstored.
+ exit 0
# ll /etc/boxbackup/bbstored/JaxToyMB-key.pem
-rw------- 1 root root 1.7k 2020-02-07 13:58 /etc/boxbackup/bbstored/JaxToyMB-key.pem
# chown bbstored:bbstored /etc/boxbackup/bbstored/JaxToyMB-key.pem
# vi /etc/init.d/boxbackup-server
# /etc/init.d/boxbackup-server start
Starting boxbackup-server: bbstored.
# less /var/log/syslog
# tail -12 /var/log/syslog
Feb 7 14:21:06 JaxToyMB bbstored[22724]: WARNING: Couldn't open memory leak results file //bbstored.memleaks for appending
Feb 7 14:21:06 JaxToyMB bbstored[22725]: NOTICE: Terminating daemon
Feb 7 14:21:06 JaxToyMB bbstored[22725]: WARNING: Couldn't open memory leak results file //bbstored.memleaks for appending
Feb 7 14:24:08 JaxToyMB bbstored[22788]: NOTICE: Box Backup Store Server v0.13~~git20190527.g039c4a1-2, (c) Ben Summers and contributors 2003-2014
Feb 7 14:24:08 JaxToyMB bbstored[22790]: NOTICE: Starting daemon, version: 0.13~~git20190527.g039c4a1-2
Feb 7 14:24:08 JaxToyMB bbstored[22790]: NOTICE: Using configuration file: /etc/boxbackup/bbstored.conf
Feb 7 14:24:08 JaxToyMB bbstored[22790]: ERROR: SSL or crypto error: loading private key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Feb 7 14:24:08 JaxToyMB bbstored[22790]: WARNING: Exception thrown: ServerException(TLSLoadPrivateKeyFailed) (Failed to load private key from /etc/boxbackup/bbstored/JaxToyMB-key.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) at lib/server/TLSContext.cpp:140
Feb 7 14:24:08 JaxToyMB bbstored[22790]: FATAL: Terminating due to exception TLSLoadPrivateKeyFailed: Failed to load private key from /etc/boxbackup/bbstored/JaxToyMB-key.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch (3/26)
Feb 7 14:24:08 JaxToyMB bbstored[22790]: WARNING: Couldn't open memory leak results file //bbstored.memleaks for appending
Feb 7 14:24:08 JaxToyMB bbstored[22791]: NOTICE: Terminating daemon
Feb 7 14:24:08 JaxToyMB bbstored[22791]: WARNING: Couldn't open memory leak results file //bbstored.memleaks for appending
#
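
OpenSSL's `X509_check_private_key` reports `key values mismatch` when the public key in the certificate file is not the one derived from the private key; in the session above the CSR passed to `bbstored-certs CA sign-server` was `CA/keys/serverRootCSR.pem`, while the `bbstored-config` output asked for `/etc/boxbackup/bbstored/JaxToyMB-csr.pem` to be signed. The script below is an added example, not part of the original message or of Box Backup: it compares the public key in a key, CSR or certificate file before installation, using throwaway keys and the hypothetical names `pubkey_fp`, `same_key` and `demo`.

```shell
#!/bin/sh
# Added example: confirm that a certificate (or CSR) belongs to a private key
# before installing it. All file names and subjects below are constructed.

# Print the SHA-256 of the public key inside a PEM file.
# $1 = key | csr | cert, $2 = path
pubkey_fp() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{ print $NF }'
}

# Exit 0 when both files carry the same public key, 1 when they differ,
# 2 when either file cannot be parsed as the stated kind.
same_key() {
    a=$(pubkey_fp "$1" "$2") || return 2
    b=$(pubkey_fp "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed demo: sign the CA's own CSR (the mix-up), then the server's CSR,
# and check each resulting certificate against the server's private key.
demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        for n in server root; do
            openssl genrsa -out "$n-key.pem" 2048 2>/dev/null || exit 1
            openssl req -new -key "$n-key.pem" -subj "/CN=demo $n" \
                -out "$n-csr.pem" 2>/dev/null || exit 1
        done
        openssl x509 -req -in root-csr.pem -signkey root-key.pem -days 1 \
            -out root-ca.pem 2>/dev/null || exit 1
        for n in root server; do
            openssl x509 -req -in "$n-csr.pem" -CA root-ca.pem -CAkey root-key.pem \
                -CAcreateserial -days 1 -out "from-$n-csr.pem" 2>/dev/null || exit 1
            if same_key cert "from-$n-csr.pem" key server-key.pem
            then printf '%s-csr:match\n' "$n"
            else printf '%s-csr:MISMATCH\n' "$n"
            fi
        done
    )
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

Against real files the same check is `same_key cert <certificate file> key <private key file>`, run before the daemon is started.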