[cups.general] Unable to use local certificate with CUPS
Andrey Repin
anrdaemon at freemail.ru
Wed Aug 15 16:11:28 PDT 2012
Greetings, Michael Sweet.
>> AR> I'm moving internal infrastructure towards smooth connectivity, and one of the
>> AR> steps was to start using proper certificates to encrypt secure connections.
>> AR> Apache and other services already going fine, but CUPS made me a problem.
>> AR> When I point it to the new key/cert, it deny any attempts to connect to it
>> AR> using SSL.
>>
>> AR> E [28/Jul/2012:22:06:26 +0400] encrypt_client: Unable to encrypt connection from 192.168.1.10!
>> AR> E [28/Jul/2012:22:06:26 +0400] encrypt_client: Could not negotiate a supported cipher suite.
>>
>> AR> when I set links back to "snakeoil" certificate, everything start to behave.
>> AR> FS rights on key and certificate are copied from "snakeoil" one, so I can't
>> AR> think about it being file access problem.
>>
>> AR> Do I need any special OID's for certificate to work with CUPS, or anything
>> AR> else I've missed?
MS> Without knowing the version of CUPS or the OS you are using, it is hard to help.
MS> But for OS X, at least, your certificate needs to be at least 1024 bits these days (anything less is insecure and not accepted)
As you can see from mid:41647-cups.general at news.easysw.com , the key is
1024bit, indeed.
And OS is Ubuntu Linux 10.04 with CUPS 1.4.3 and Ubuntu 8.04 with CUPS 1.3.7.
Both exhibit the same issue.
--
Sincerely Yours, Andrey Repin <anrdaemon at freemail.ru>
More information about the cups
mailing list