Open main menu

CDOT Wiki β

Changes

Sigul Signing Server Setup

13 bytes removed, 13:23, 16 June 2011
Sigul Client Setup
1) Create the NSS database on the client, to hold the certificate information issue the following
- client_dir=~/.sigul <-- This variable should be set to the location of sigul which is a folder under the user directory - certutil -d $client_dir -N <-- This will generate a new NSS database for the server at the location of the client_dir variable
|Be sure to remember your NSS Password|
3) Next we have to generate the authentication certificate for the clientL
- certutil -d $client_dir -S -n sigul-client-cert -s 'CN=YOURUSERNAME' -c my-ca -t u,, -v 120 <-- be sure to replace YOURUSERNAME with the user you are using on the client system, OR if using FAS authentication set the CN=YOUR FAS NAME.
4) Now it is time to configure the client, edit the config at /etc/sigul/client.conf * AS ROOT
5) After configuring your client, issue a test client command in DEBUG mode as follows:
- sigul -v -v list-users
* This should return a list of users on the server, at this point it should only really display the one admin user created before.
* For more commands issue sigul --help-commands for a full list
6) Create an initial key once you are able to issue commands to sigul, issue the following:
- sigul new-key -h <-- This will output the options that can be used with the key creation, use the ones you want, and generate the key.
* Please note when generating the key, it requires alot of Entropy on the server, so issue some commands to keep server busy and help it generate faster, usually a simple find / will generate enough for it to take about 2 minutes to generate the key.
 
=Sigul with koji Setup=
1
edit