Apr 24th, 2024, 9:53am
Welcome, Guest. Please Login or Register.
Pages: 1  Reply Reply  Notify of replies Notify of replies  Print Print
   Author  Topic: Linux server SSL configuration  (Read 3631 times)
gbr
FabulaTech Forum Newbie
*



View Profile         
Posts: 10
Linux server SSL configuration
« on: Aug 30th, 2018, 8:58am »
Quote Quote  Modify Modify

Hi,
 
I am willing to make TLS active between windows client and linux server.
Did not find information on how to configure certificate on linux server side.
Could you provide detailed procedure?
Thanks and Regards
Gilles
IP Logged
Sergey_Jarovski
FabulaTech Forum Moderator
FabulaTech Forum God
*****



View Profile   WWW         
Gender: male Posts: 556
Re: Linux server SSL configuration
« Reply #1 on: Aug 30th, 2018, 10:11am »
Quote Quote  Modify Modify

Hi,  
 
Please run daemon with -h key (sudo ./ftusbnetd -h) and look at -s option.
IP Logged

Sergey Jarovski

FabulaTech
===================
http://www.fabulatech.com
gbr
FabulaTech Forum Newbie
*



View Profile         
Posts: 10
Re: Linux server SSL configuration
« Reply #2 on: Sep 10th, 2018, 10:48am »
Quote Quote  Modify Modify

Hi,
Ok so I tried with my linux server :  
./ftusbnetd -s server.rsa.crt
 
Then, I configure my WINDOWS client with options :
Require SSL connection : selected  
Use trusted authorithy certificate : NOT CHECK, I used SELF SIGNED certificate
 
Connection status : error Enable SSL
 
how can I configure properly : I guess I shoud set the server.rsa.crt on client configuration ?  
but still not working  
 
Thanks for your feedback
 
IP Logged
Sergey_Jarovski
FabulaTech Forum Moderator
FabulaTech Forum God
*****



View Profile   WWW         
Gender: male Posts: 556
Re: Linux server SSL configuration
« Reply #3 on: Sep 11th, 2018, 10:43am »
Quote Quote  Modify Modify

Hi again,
 
You must enable both ("Use trusted authority certificate" and "Use client authentication certificate") options in USB over Network (client) GUI:  
https://www.fabulatech.com/usb-over-network-client-help/client-settings-ssl.html
and specify your trusted and client certificates
IP Logged

Sergey Jarovski

FabulaTech
===================
http://www.fabulatech.com
gbr
FabulaTech Forum Newbie
*



View Profile         
Posts: 10
Re: Linux server SSL configuration
« Reply #4 on: Sep 11th, 2018, 3:54pm »
Quote Quote  Modify Modify

Thanks,
 
but I am not sure to get the point:
 
from the client point of view, client should authenticate the server (then SSL ciphering would be handshaked)
 
So I understand client configuration needs server certificate as an hard-coded acknowledgment
=> I have generate rsa.crt and key on server side with linux openssl command, OK.
 
but, why do I need client certificate , and where does it come from ?
 
thanks for your help
IP Logged
gbr
FabulaTech Forum Newbie
*



View Profile         
Posts: 10
Re: Linux server SSL configuration
« Reply #5 on: Sep 24th, 2018, 1:22pm »
Quote Quote  Modify Modify

Hi again,
On server side :
 
D: 1537791656: net_init_cb: enabling SSL
W: 1537791656: SSLv23_server_method: no such function
E: 1537791656: fdchan_io_ssl_server_create: error:140A90C4:SSL routines:func(169):reason(196)
E: 1537791656: net_init_cb: failed to create SSL server object
D: 1537791656: net_close: closing channel, fd=18
 
 
Hope it can help, I continue investigation
IP Logged
gbr
FabulaTech Forum Newbie
*



View Profile         
Posts: 10
Re: Linux server SSL configuration
« Reply #6 on: Sep 24th, 2018, 1:26pm »
Quote Quote  Modify Modify

Quite sure : SSLV2/3 no more supported due to vulnerability, so linux SSL layer reject CLIENT hello
 
What can you do about it, e.g CLIENT shall sue TLS instead  
 
Thanks
 
IP Logged
gbr
FabulaTech Forum Newbie
*



View Profile         
Posts: 10
Re: Linux server SSL configuration
« Reply #7 on: Mar 11th, 2019, 1:49pm »
Quote Quote  Modify Modify

Hi support Team,
 
reagrding this issue , did you mae a correction in the usb over network software  ?  
 
Thanks for your fedback
 
with best regards
 
GB.
IP Logged
Pages: 1  Reply Reply  Notify of replies Notify of replies  Print Print

« Previous topic | Next topic »
Online Talk to our
support team or
sales department.