Cups over ssl help

Ricky Armstead rarmstead at bluecanopy.com
Thu Nov 30 03:50:52 PST 2006 

I currently run cups 1.2.7 on gentoo. When I go to http://localhost:631/ it allows me to do administration from there. I would like that address to be https://localhost:443/.

Do you have to manually generate a cert and a server key, and put it in /etc/cups/ssl. Or does cups automatically generate one when you compile cups?

As of now I cannot access neither web interface to do administration.


My error log


d [30/Nov/2006:06:48:34 -0500] cupsdStartListening: 4 Listeners
I [30/Nov/2006:06:48:34 -0500] Listening to 0.0.0.0:443 on fd 2...
E [30/Nov/2006:06:48:34 -0500] Unable to open listen socket for address :::443 - Address family not supported by protocol.
E [30/Nov/2006:06:48:34 -0500] Unable to bind socket for address 0.0.0.0:443 - Address already in use.
E [30/Nov/2006:06:48:34 -0500] Unable to open listen socket for address :::443 - Address family not supported by protocol.
d [30/Nov/2006:06:48:34 -0500] cupsdSetEnv: CUPS_SERVER=localhost
d [30/Nov/2006:06:48:34 -0500] cupsdSetEnv: CUPS_ENCRYPTION=IfRequested
d [30/Nov/2006:06:48:34 -0500] cupsdSetEnv: IPP_PORT=443
d [30/Nov/2006:06:48:34 -0500] cupsdResumeListening: Setting input bits...
d [30/Nov/2006:06:48:34 -0500] cupsdResumeListening: Adding fd 2 to InputSet...
d [30/Nov/2006:06:48:34 -0500] cupsdStartBrowsing: Adding fd 3 to InputSet...
d [30/Nov/2006:06:48:34 -0500] cupsdStartServer: Adding fd 4 to InputSet...
d [30/Nov/2006:06:48:34 -0500] cupsdAddCert: adding certificate for pid 0
d [30/Nov/2006:06:48:34 -0500] cupsdAddCert: NumSystemGroups=1




MY cupsd.conf looks like this:

# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
#LogLevel debug
LogLevel debug2

# Administrator user group...
#SystemGroup lpadmin

# Only listen for connections from the local machine.
#Listen localhost:631
Port 443
Port 631
#Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
#Browsing On
#BrowseOrder allow,deny
#BrowseAllow @LOCAL

# encryption
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
SSLPort 443
<Location />
Encryption Required
</Location>

# Type of Encryption if requested
DefaultEncryption IfRequested

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
#  Order allow,deny
#  Allow localhost
   Order Deny,Allow
   Deny From All
   Allow From 127.0.0.1
   Allow From 10.1.2.*
   Allow From 10.1.6.*
   Allow From 10.1.4.*
   Allow From 10.1.11.*
</Location>

# Restrict access to the admin pages...
<Location /admin>
#   Encryption Required
#  Order allow,deny
#   Allow localhost
   Order Deny,Allow
   Deny From All
   Allow From 127.0.0.1
   Allow From 10.1.2.*
   Allow From 10.1.6.*
   Allow From 10.1.4.*
   Allow From 10.1.11.*
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
#  AuthType Basic
#  Require user @SYSTEM
#  Order allow,deny
#  Allow localhost
   Order Deny,Allow
   Deny From All
   Allow From 127.0.0.1
   Allow From 10.1.2.*
   Allow From 10.1.6.*
   Allow From 10.1.4.*
   Allow From 10.1.11.*
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an adminstrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
    Require user @OWNER @SYSTEM @wheel @IT root
    Order deny,allow
  </Limit>

  # All administration operations require an adminstrator to authenticate...
  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
    AuthType Basic
    Require user @SYSTEM @IT @wheel @IT root
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM @IT @wheel @IT root
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

any help would be appreciated thanks!

More information about the cups mailing list