1
edit
Changes
→Links
Together, these certs allow the builders to communicate with the koji hub and visa versa. After researching and a bit of tweaking, I managed to utilize a concept from Fedora Projects website (http://fedoraproject.org/wiki/Koji/ServerHowTo) and created a script which would make minimal effort for anyone making multiple certs, or for anyone who would rather quickly make a cert than learn the process.
In our scenario, we used SSL to perform our configuration, however, Kerboros has another means of accomplishing the same thing without requiring authentication. This path however is only a 'quick-fix' because eventually SSL will have to be used.
= Koji Cert Process=
# A certificate authority must be created.
# The certificate authority must have a private key and public key created
# A certificate must be created for the server using the configuration and signature of the ca
# Other clients can then be created such as the kojihub, kojiweb etc
= How to use the script=
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = CA
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Ontario
localityName = Locality Name (eg, city)
localityName_default = Toronto
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Seneca CDOT
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_default = hongkong
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[req_attributes]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[usr_cert]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
[v3_ca]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true''