How to get the right certificate when using nutcpc to connect to NuFW


Nguyen Anh Dung

Hi All,

I'm a newbie to NuFW and I'm trying to install NuFW from source code in Trustix Linux 3.0.5 (kernel 2.6.19.7-3). After several days of wrestling :P, I installed it successfully as guided in the handbook 2.2.

I did everything as guided in the handbook from step 3.5.1 to step 3.6.3 (with the common name in the certificate set to 'right', my hostname).

 

However, when I used nutcpc to connect to NuFW, there were errors:

 

nutcpc -N -d -C /etc/nufw/nufw-cert.pem -A /etc/nufw/NuFW-cacert.pem -K /etc/nufw/nufw-key.pem -H right

Error in client

   Connecting to NuFW gateway (right)

   Unable to initate connection to NuFW gateway

   Problem: Certificate authority verification failed: invalid, signer not found

   Authentication failed (check parameters)

Error in server

   ** Message: [7] TLS Handshaking (last error: 0)

   ** Message: [4] TLS handshake has failed (The peer did not send any certificate.)

   ** Message: [4] Failed connection from client 127.0.0.1

   GNUTLS ERROR: Error in the push function

   Unable to setup connect

 

nutcpc -N -d -U root -H right (as in the guideline)

Error in client

    *******    WARNING   ******

    You are trying to connect to nuauth without configuring a certificate authority (CA)

    You are vulnerable to attack like man-in-the-middle.

    Do you really want to do that? Type "yes" to continue: yes

    Connecting to NuFW gateway (127.0.0.1)

    TLS error: server request certificate, none configured

    Unable to initate connection to NuFW gateway

    Problem: Certificate authority verification failed: invalid, signer not found

    Authentication failed (check parameters)

Error in server

   WARNING: you have not provided any certificate authority.

   nutcpc will *NOT* verify server certificate trust.

   Use the -A <cafile> option to setup CA.

   As certificate will not be trusted, disabling FQDN check.

   ** Message: [7] TLS Handshaking (last error: 0)

   ** Message: [4] TLS handshake has failed (The peer did not send any certificate.)

   ** Message: [4] Failed connection from client 127.0.0.1

   GNUTLS ERROR: Error in the push function

   Unable to setup connect

  

I used "netstat -np" and confirmed that nuauth has connected to NuFW.

 

BTW, nutcpc has 3 options, -C, -A, and -K. I can understand -K but I am confused about -A and -C. How can I distinguish them and create them?

 

P/S: Is there anyone who made NuFW work by only following the instructions in the handbook?

 

Thank you so much.

Dzung Nguyen.
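
An added example, not part of the original post and not NuFW's own tooling: two local openssl checks for the three kinds of file in the command above, namely whether a certificate chains to the CA file (the file given as -A) and whether a private key belongs to a certificate. The second certificate built here has an issuer that is absent from the CA file, the condition GnuTLS reports as "signer not found". The CA, certificates, subject names and file names are all constructed for the demo.

```shell
#!/bin/sh
# Added example. Every name and path below is constructed for this demo.

# chains_to CAFILE CERT: true when openssl can build a chain from CERT
# to a trusted CA, using CAFILE as the trust file.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches CERT KEY: true when KEY is the private key belonging to CERT
# (the public key derived from KEY equals the public key inside CERT).
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# make_demo: build a throwaway CA, a certificate issued by that CA, and a
# self-signed certificate the CA never signed. Prints the work directory.
make_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA" -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" 2>/dev/null
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=demo-client" -keyout "$d/client-key.pem" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca-cert.pem" -CAkey "$d/ca-key.pem" \
        -CAcreateserial -days 1 -out "$d/client-cert.pem" 2>/dev/null
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=right" -keyout "$d/stray-key.pem" -out "$d/stray-cert.pem" 2>/dev/null
    echo "$d"
}

d=$(make_demo)
chains_to "$d/ca-cert.pem" "$d/client-cert.pem" && echo "client-cert.pem: issued by the CA file"
chains_to "$d/ca-cert.pem" "$d/stray-cert.pem" || echo "stray-cert.pem: signer not in the CA file"
key_matches "$d/client-cert.pem" "$d/client-key.pem" && echo "client-key.pem matches client-cert.pem"
rm -rf "$d"
```

Run against real files, the same two functions show whether the certificate and key pair handed to a client were issued by the CA file that the other side trusts.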

