amssl(8) - f37

1AMSSL(8)                System Administration Commands                AMSSL(8)
2
3
4

NAME

6       amssl - Program to manage amanda ssl certificates
7

SYNOPSIS

9       amssl [--client] [--init | --create-ca |
10             --create-server-cert server-host |
11             --create-client-cert client-host [--server server-host] ]
12             [--country country-code] [--state state] [--locality locality]
13             [--organisation organisation]
14             [--organisation-unit organisation-unit] [--common common-name]
15             [--email email] [-o configoption...] [--config config]
16

DESCRIPTION

18       amssl is a program to manage amanda ssl certificates for the ssl auth.
19       It can create self-signed CA, server certificate and client
20       certificates.
21

OPTIONS

23       --create-ca
24           Create a self-signed CA.
25
26       --create-server-cert
27           Create a server certificate.
28
29       --create-client-cert CLIENT-HOSTNAME
30           Create a client certificate.
31
32       --server SERVER-HOSTNAME
33           The amanda server to connect to.
34
35       --batch
36           use the certificate fields set in the initialization, there is
37           confirmation.
38
39           This option is useless if one the fields was not set in the
40           initiatization.
41
42       --client
43           When running amssl on a client.
44
45       --init
46           Initialize the host.
47
48       The following options are the one needed by a certificate
49
50       --country
51           The two letter country code.
52
53       --state
54           The State.
55
56       --locality
57           The locality.
58
59       --organisation
60           The organisation
61
62       --organisation-unit
63           The organisation unit.
64
65       --common
66           The common name.
67
68       --email
69           The email.
70

INITIALISATION

72       Must be run once before any other command
73
74       Create a template openssl.cnf file and a configuration file with the
75       value provided, they are used in future command so you do not need to
76       enter them at every invocation.
77
78       The value provided must be the one you want in the certificate.
79
80       amssl [--client] --init [--country country-code] [--state state]
81             [--locality locality] [--organisation organisation]
82             [--organisation-unit organisation-unit] [--common common-name]
83             [--email email] [-o configoption...] [--config config]
84
85       A client is initialized with the --client options.
86
87       Create
88
89            $SSL_DIR/openssl.cnf.template
90            $SSL_DIR/openssl.data
91

CREATE A SELF-SIGNED CA

93       Create a self-signed CA.
94
95       amssl --create-ca [--batch] [--config CONFIG]
96
97       You can also provide all options of the initialization step
98
99       You must enter a new CA passphrase, you must keep it secret and
100       remember it. It will be required every time you need to create a new
101       cetificate.
102
103       After you enter the passphrase, it will be asked 3 other times.
104
105       Create
106
107            $SSL_DIR/CA/crt.pem
108            $SSL_DIR/CA/private/key.pem
109

CREATE THE SERVER CERTIFICATE

111       Create the amanda server certificate.
112
113       amssl --create-server-cert HOSTNAME [--batch] [--config CONFIG]
114
115       You can also provide all options of the initialization step
116
117       The CA passphrase is asked.
118
119       Create
120
121            $SSL_DIR/me/crt.pem
122            $SSL_DIR/me/fingerprint
123            $SSL_DIR/me/private/key.pem
124            $SSL_DIR/remote/HOSTNAME -> ../me
125

CREATE A CLIENT CERTIFICATE

127       Create a client certificate, sign it by the CA certicate on the server
128       and both server and client learn the remore fingerprint.
129
130       DO NOT RUN IT ON SERVER. This will detroy the server certificate
131
132       It require to run amssl on the server and client at the same time
133
134       ssl-dir must be set in amanda-client.conf on the client.
135
136       Both server and client must already be initialized.
137
138       Run on the server:
139
140       amssl --create-client-cert client-host [--config CONFIG]
141
142       It wait for the client to connect and then sign the client certificate,
143       The CA passphrase is asked.
144
145       Run on the client:
146
147       amssl --client --create-client-cert CLIENT-HOST --server SERVER-HOST
148             [--batch] [--config CONFIG]
149
150       Create on server
151
152            $SSL_DIR/remote/CLIENT-HOST/fingerprint
153
154       Create on client
155
156            $SSL_DIR/me/crt.pem
157            $SSL_DIR/me/fingerprint
158            $SSL_DIR/me/private/key.pem
159            $SSL_DIR/remote/SERVER-HOST/fingerprint
160

EXAMPLE

162       Initialize the server
163           amssl --init --country US --state California --locality Sunnyvale
164           --organisation zmanda --organistion-unit engineering --common boss
165           --email 'email@email.com'
166
167       Create the CA on the server
168           amssl --create-ca
169
170       Create the server certificate
171           amssl --create-server-cert server.zmanda.com
172
173       Create a client certificate
174
175           On server:
176               amssl --create-client-cert client.zmanda.com
177
178           On client:
179               amssl --client --init --country US --state California
180               --locality Sunnyvale --organisation zmanda --organistion-unit
181               engineering --common boss --email 'email@email.com'
182
183               amssl --client --create-client-cert client.zmanda.com --server
184               server.zmanda.com
185

AUTHORS

193       James da Silva <jds@amanda.org>
194
195       Stefan G. Weichinger <sgw@amanda.org>
196
197
198
199Amanda 3.5.1                      12/01/2017                          AMSSL(8)