[one-users] econe-server with x509 and econe command

Ruben S. Montero rsmontero at opennebula.org
Fri Sep 14 15:19:15 PDT 2012


Hi

The HTTP_SSL_CLIENT_CERT variable should be set by the Web server as a
result of the SSL handshake. The econe server should be configured through
a SSL proxy [1]

Cheers

ruben

[1]
http://opennebula.org/documentation:rel3.6:ec2qcg#configuring_a_ssl_proxy

On Fri, Sep 14, 2012 at 10:41 PM, Hyun Woo Kim <hyunwoo at fnal.gov> wrote:

> Dear developers,
>
> $ONE_LOCATION/etc/econe.conf  has
> :auth: x509
>
> I understand this eventually causes
> do_auth in $ONE_LOCATION/lib/ruby/cloud/CloudAuth/X509CloudAuth.rb
> to be invoked.
>
> This code X509CloudAuth.rb has
>         cert_line   = env['HTTP_SSL_CLIENT_CERT']
> at the beginning,
>
> but, it is empty.
>
> For this test, I am using econe-upload command with the following options
> econe-upload -M
> --access-key  "my account name"
> --secret-key   "the DN of my certificate"
> --url https://hostname:8443 (this is our site-specific)
> pathname to image file
>
>
> I think this result (HTTP_SSL_CLIENT_CERT being empty) is natural
> because the command econe-upload does not point to my actual certificate..
>
> Could you please clarify on how to use x509 auth with econe?
>
> Thank you in advance.
> Hyunwoo
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120915/78e40c24/attachment-0002.htm>


More information about the Users mailing list