1AMSSL(8) System Administration Commands AMSSL(8)
2
3
4
6 amssl - Program to manage amanda ssl certificates
7
9 amssl [--client] [--init | --create-ca |
10 --create-server-cert server-host |
11 --create-client-cert client-host [--server server-host] ]
12 [--country country-code] [--state state] [--locality locality]
13 [--organisation organisation]
14 [--organisation-unit organisation-unit] [--common common-name]
15 [--email email] [-o configoption...] [--config config]
16
18 amssl is a program to manage amanda ssl certificates for the ssl auth.
19 It can create self-signed CA, server certificate and client
20 certificates.
21
23 --create-ca
24 Create a self-signed CA.
25
26 --create-server-cert
27 Create a server certificate.
28
29 --create-client-cert CLIENT-HOSTNAME
30 Create a client certificate.
31
32 --server SERVER-HOSTNAME
33 The amanda server to connect to.
34
35 --batch
36 use the certificate fields set in the initialization, there is
37 confirmation.
38
39 This option is useless if one the fields was not set in the
40 initiatization.
41
42 --client
43 When running amssl on a client.
44
45 --init
46 Initialize the host.
47
48 The following options are the one needed by a certificate
49
50 --country
51 The two letter country code.
52
53 --state
54 The State.
55
56 --locality
57 The locality.
58
59 --organisation
60 The organisation
61
62 --organisation-unit
63 The organisation unit.
64
65 --common
66 The common name.
67
68 --email
69 The email.
70
72 Must be run once before any other command
73
74 Create a template openssl.cnf file and a configuration file with the
75 value provided, they are used in future command so you do not need to
76 enter them at every invocation.
77
78 The value provided must be the one you want in the certificate.
79
80 amssl [--client] --init [--country country-code] [--state state]
81 [--locality locality] [--organisation organisation]
82 [--organisation-unit organisation-unit] [--common common-name]
83 [--email email] [-o configoption...] [--config config]
84
85 A client is initialized with the --client options.
86
87 Create
88
89 $SSL_DIR/openssl.cnf.template
90 $SSL_DIR/openssl.data
91
93 Create a self-signed CA.
94
95 amssl --create-ca [--batch] [--config CONFIG]
96
97 You can also provide all options of the initialization step
98
99 You must enter a new CA passphrase, you must keep it secret and
100 remember it. It will be required every time you need to create a new
101 cetificate.
102
103 After you enter the passphrase, it will be asked 3 other times.
104
105 Create
106
107 $SSL_DIR/CA/crt.pem
108 $SSL_DIR/CA/private/key.pem
109
111 Create the amanda server certificate.
112
113 amssl --create-server-cert HOSTNAME [--batch] [--config CONFIG]
114
115 You can also provide all options of the initialization step
116
117 The CA passphrase is asked.
118
119 Create
120
121 $SSL_DIR/me/crt.pem
122 $SSL_DIR/me/fingerprint
123 $SSL_DIR/me/private/key.pem
124 $SSL_DIR/remote/HOSTNAME -> ../me
125
127 Create a client certificate, sign it by the CA certicate on the server
128 and both server and client learn the remore fingerprint.
129
130 DO NOT RUN IT ON SERVER. This will detroy the server certificate
131
132 It require to run amssl on the server and client at the same time
133
134 ssl-dir must be set in amanda-client.conf on the client.
135
136 Both server and client must already be initialized.
137
138 Run on the server:
139
140 amssl --create-client-cert client-host [--config CONFIG]
141
142 It wait for the client to connect and then sign the client certificate,
143 The CA passphrase is asked.
144
145 Run on the client:
146
147 amssl --client --create-client-cert CLIENT-HOST --server SERVER-HOST
148 [--batch] [--config CONFIG]
149
150 Create on server
151
152 $SSL_DIR/remote/CLIENT-HOST/fingerprint
153
154 Create on client
155
156 $SSL_DIR/me/crt.pem
157 $SSL_DIR/me/fingerprint
158 $SSL_DIR/me/private/key.pem
159 $SSL_DIR/remote/SERVER-HOST/fingerprint
160
162 Initialize the server
163 amssl --init --country US --state California --locality Sunnyvale
164 --organisation zmanda --organistion-unit engineering --common boss
165 --email 'email@email.com'
166
167 Create the CA on the server
168 amssl --create-ca
169
170 Create the server certificate
171 amssl --create-server-cert server.zmanda.com
172
173 Create a client certificate
174
175 On server:
176 amssl --create-client-cert client.zmanda.com
177
178 On client:
179 amssl --client --init --country US --state California
180 --locality Sunnyvale --organisation zmanda --organistion-unit
181 engineering --common boss --email 'email@email.com'
182
183 amssl --client --create-client-cert client.zmanda.com --server
184 server.zmanda.com
185
187 amanda(8), amanda.conf(5), amanda-client.conf(5), amanda(8), amanda-
188 auth(7), amanda-auth-ssl(7)
189
190 The Amanda Wiki: : http://wiki.zmanda.com/
191
193 James da Silva <jds@amanda.org>
194
195 Stefan G. Weichinger <sgw@amanda.org>
196
197
198
199Amanda 3.5.1 12/01/2017 AMSSL(8)