NAME

amssl - Program to manage amanda ssl certificates

SYNOPSIS

amssl [--client] [--init | --create-ca | --create-server-cert  server-host | --create-client-cert  client-host [--server  server-host] ] [--country  country-code] [--state state] [--locality  locality] [--organisation organisation] [--organisation-unit  organisation-unit] [--common  common-name] [--email  email] [-o configoption...] [--config  config]

DESCRIPTION

amssl is a program to manage amanda ssl certificates for the ssl auth. It can create a self-signed CA, a server certificate and client certificates.

OPTIONS

--create-ca
Create a self-signed CA.
--create-server-cert
Create a server certificate.
--create-client-cert CLIENT-HOSTNAME
Create a client certificate.
--server SERVER-HOSTNAME
The amanda server to connect to.
--batch
Use the certificate fields set in the initialization, there is confirmation.
This option is useless if one of the fields was not set in the initialization.
--client
When running amssl on a client.
--init
Initialize the host.
The following options are the ones needed by a certificate:
--country
The two letter country code.
--state
The State.
--locality
The locality.
--organisation
The organisation.
--organisation-unit
The organisation unit.
--common
The common name.
--email
The email.

INITIALISATION

Must be run once before any other command.
Creates a template openssl.cnf file and a configuration file with the values provided; they are used by later commands, so you do not need to enter them at every invocation.
The values provided must be the ones you want in the certificate.
amssl [--client] --init [--country  country-code] [--state state] [--locality  locality] [--organisation  organisation] [--organisation-unit organisation-unit] [--common  common-name] [--email  email] [-o configoption...] [--config  config]
A client is initialized with the --client option.
Create
 
      $SSL_DIR/openssl.cnf.template
      $SSL_DIR/openssl.data

CREATE A SELF-SIGNED CA

Create a self-signed CA.
amssl --create-ca [--batch] [--config  CONFIG]
You can also provide all options of the initialization step.
You must enter a new CA passphrase; you must keep it secret and remember it. It will be required every time you need to create a new certificate.
After you enter the passphrase, it will be asked 3 other times.
Create
 
     $SSL_DIR/CA/crt.pem
     $SSL_DIR/CA/private/key.pem

CREATE THE SERVER CERTIFICATE

Create the amanda server certificate.
amssl --create-server-cert  HOSTNAME [--batch] [--config CONFIG]
You can also provide all options of the initialization step.
The CA passphrase is asked.
Create
 
     $SSL_DIR/me/crt.pem
     $SSL_DIR/me/fingerprint
     $SSL_DIR/me/private/key.pem
     $SSL_DIR/remote/HOSTNAME -> ../me
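
The files and symlink listed above can be checked once the CA and the server certificate exist. The shell functions below are an added example, not part of amssl or the Amanda project; the rule that private keys carry no group or other permission bits is an assumption of this example, and make_sample_dir builds a constructed layout of empty files for a dry run.

```shell
#!/bin/sh
# Added example: audit the server-side layout that amssl creates under $SSL_DIR.
# Assumption (not stated by the man page): private keys must have no
# group/other permission bits.

# audit_amssl_server_dir SSL_DIR SERVER_HOSTNAME
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_amssl_server_dir() {
    dir=$1 host=$2 bad=0

    # Files the man page lists for --create-ca and --create-server-cert.
    for f in CA/crt.pem CA/private/key.pem \
             me/crt.pem me/fingerprint me/private/key.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING  $dir/$f"; bad=1
        fi
    done

    # Private keys: flag any group or other permission bit.
    for k in CA/private/key.pem me/private/key.pem; do
        [ -f "$dir/$k" ] || continue
        perms=$(ls -lLd "$dir/$k" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS    $dir/$k group/other bits: $perms"; bad=1
        fi
    done

    # remote/HOSTNAME must be the symlink to ../me described in the man page.
    link="$dir/remote/$host"
    if [ ! -L "$link" ]; then
        echo "NOLINK   $link is not a symlink"; bad=1
    elif [ "$(readlink "$link")" != "../me" ]; then
        echo "BADLINK  $link -> $(readlink "$link")"; bad=1
    fi
    return $bad
}

# Constructed sample layout for a dry run (empty files, not real keys).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/CA/private" "$d/me/private" "$d/remote"
    touch "$d/CA/crt.pem" "$d/me/crt.pem" "$d/me/fingerprint"
    (umask 077; touch "$d/CA/private/key.pem" "$d/me/private/key.pem")
    ln -s ../me "$d/remote/$1"
    echo "$d"
}
```

On a real server, call it as audit_amssl_server_dir "$SSL_DIR" HOSTNAME with the hostname given to --create-server-cert.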

CREATE A CLIENT CERTIFICATE

Create a client certificate, have it signed by the CA certificate on the server, and let both server and client learn the remote fingerprint.
DO NOT RUN IT ON SERVER. This will destroy the server certificate.
It requires running amssl on the server and client at the same time.
ssl-dir must be set in amanda-client.conf on the client.
Both server and client must already be initialized.
Run on the server:
amssl --create-client-cert  client-host [--config CONFIG]
It waits for the client to connect and then signs the client certificate. The CA passphrase is asked.
Run on the client:
amssl --client --create-client-cert  CLIENT-HOST --server SERVER-HOST [--batch] [--config  CONFIG]
Create on server
 
     $SSL_DIR/remote/CLIENT-HOST/fingerprint
Create on client
 
     $SSL_DIR/me/crt.pem
     $SSL_DIR/me/fingerprint
     $SSL_DIR/me/private/key.pem
     $SSL_DIR/remote/SERVER-HOST/fingerprint

EXAMPLE

Initialize the server
amssl --init --country US --state California --locality Sunnyvale --organisation zmanda --organisation-unit engineering --common boss --email '[email protected]'
Create the CA on the server
amssl --create-ca
Create the server certificate
amssl --create-server-cert server.zmanda.com
Create a client certificate
On server:
amssl --create-client-cert client.zmanda.com
On client:
amssl --client --init --country US --state California --locality Sunnyvale --organisation zmanda --organisation-unit engineering --common boss --email '[email protected]'
 
amssl --client --create-client-cert client.zmanda.com --server server.zmanda.com

SEE ALSO

amanda(8), amanda.conf(5), amanda-client.conf(5), amanda-auth(7), amanda-auth-ssl(7)
The Amanda Wiki: http://wiki.zmanda.com/

AUTHORS

James da Silva <[email protected]>
Stefan G. Weichinger <[email protected]>
