Changes

Sigul Signing Server Setup

13 bytes removed, 14:23, 16 June 2011

→‎Sigul Client Setup

1) Create the NSS database on the client, to hold the certificate information issue the following

- client_dir=~/.sigul <-- This variable should be set to the location of sigul which is a folder under the user directory - certutil -d $client_dir -N <-- This will generate a new NSS database for the server at the location of the client_dir variable

|Be sure to remember your NSS Password|

3) Next we have to generate the authentication certificate for the clientL

- certutil -d $client_dir -S -n sigul-client-cert -s 'CN=YOURUSERNAME' -c my-ca -t u,, -v 120 <-- be sure to replace YOURUSERNAME with the user you are using on the client system, OR if using FAS authentication set the CN=YOUR FAS NAME.

4) Now it is time to configure the client, edit the config at /etc/sigul/client.conf * AS ROOT

5) After configuring your client, issue a test client command in DEBUG mode as follows:

- sigul -v -v list-users

* This should return a list of users on the server, at this point it should only really display the one admin user created before.

* For more commands issue sigul --help-commands for a full list

6) Create an initial key once you are able to issue commands to sigul, issue the following:

- sigul new-key -h <-- This will output the options that can be used with the key creation, use the ones you want, and generate the key.

* Please note when generating the key, it requires alot of Entropy on the server, so issue some commands to keep server busy and help it generate faster, usually a simple find / will generate enough for it to take about 2 minutes to generate the key.

=Sigul with koji Setup=

Aeboccia

1

edit

CDOT Wiki β

Changes

Sigul Signing Server Setup

CDOT Wiki ^β