[Pulp-list] Repository protection
Rene L
tuz1986 at gmail.com
Wed Mar 15 10:15:58 UTC 2017
Hi,
i´ve tried many setups for the configuration, but nothing works for me.
I´ve tried the playpen/certs/ example, too. My setup:
- basic pulp installation
- set the cert/key/ca (ssl.conf) to a trusted ca (comodo)
- generate a own ca for repo auth
- create a client key/cert with the following extension and sign them
> [pulp-repos]
> basicConstraints=CA:FALSE
> 1.3.6.1.4.1.2312.9.2.0000.1=ASN1:UTF8:yum
> 1.3.6.1.4.1.2312.9.2.0000.1.1=ASN1:UTF8:Pulp
> 1.3.6.1.4.1.2312.9.2.0000.1.2=ASN1:UTF8:pulp-repo-test
> 1.3.6.1.4.1.2312.9.2.0000.1.6=ASN1:UTF8:pulp/repos/test/
- enable the auth (repo_auth.conf)
- create a test repository and set the --auth-ca parameter to the generated
ca
- try to get something from the test repo
> curl --cacert ./certs/Pulp_CA.cert --cert ./certs/Pulp_client.cert --key
./certs/Pulp_client.key https://%s/pulp/repos/test/
> curl: (60) Peer's certificate issuer has been marked as not trusted by
the user.
> curl --cacert ./certs/Pulp_CA.cert --cert ./certs/Pulp_client.cert --key
./certs/Pulp_client.key https://%s/pulp/repos/test/ -k
> curl: (56) Peer does not recognize and trust the CA that issued your
certificate.
Does anyone can say me, where's my fallacy?
Regards
2017-03-13 17:44 GMT+01:00 Rene L <tuz1986 at gmail.com>:
> Hi Guys,
>
> I want to protect some repositories, but just found this blog entry from
> 2011:
>
> http://pulpproject.org/2011/05/18/pulp-protected-repositories/
>
> The documentation dont works for me. Did you have any other guides for
> this usecase?
>
> Kind regards
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20170315/27deb346/attachment.htm>
More information about the Pulp-list
mailing list