Hi, I'm creating my own repository and have created a key for it. I've created a CSR for it and used that to generate a certificate via our internal CA. Because there was no other information available, I used the profile that we use to generate SSL-certificates for web servers. I copied the certificate to the server and adjusted pkg.conf, but when I want to query the repository, I get: root at server:/etc/ssl/cert # pkg install net-snmpd Updating repository catalogue repo.txz 100% 219KB 219.5KB/s 219.5KB/s 00:00 pkg: error reading public key(/etc/ssl/pkg.conf): error:0906D06C:PEM routines:PEM_read_bio:no start line pkg: Invalid signature, removing repository. What does pkg expect to be in this file? openssl x509 displays the data for the certificate correctly, so I really don't know what's missing. I ktraced pkg and it is indeed reading the file. Best Regards Rainer
On Thu, Dec 27, 2012 at 6:22 PM, Rainer Duffner <rainer at ultra-secure.de> wrote:> Hi, > > I'm creating my own repository and have created a key for it. > > I've created a CSR for it and used that to generate a certificate via > our internal CA. Because there was no other information available, I > used the profile that we use to generate SSL-certificates for web > servers. > > I copied the certificate to the server and adjusted pkg.conf, but when I > want to query the repository, I get: > > root at server:/etc/ssl/cert # pkg install net-snmpd > Updating repository catalogue > repo.txz > 100% 219KB 219.5KB/s 219.5KB/s 00:00 pkg: error reading public > key(/etc/ssl/pkg.conf): error:0906D06C:PEM routines:PEM_read_bio:no > start line pkg: Invalid signature, removing repository. > > > What does pkg expect to be in this file? > > > openssl x509 displays the data for the certificate correctly, so I > really don't know what's missing. > > I ktraced pkg and it is indeed reading the file. > > > > > Best Regards > RainerSee Glen Barber's page about "Maintaining your own pkgng repository". https://glenbarber.us/2012/06/11/Maintaining-Your-Own-pkgng-Repository.html HTH -Kimmo
In article <20121227162311$64db at grapevine.csail.mit.edu>, rainer at ultra-secure.de writes:>I'm creating my own repository and have created a key for it.[...]>What does pkg expect to be in this file?A public key. It does not use X.509 (nor is there any reason why it should, although I suppose it could be made to at the cost of significant added complexity and a bootstrapping problem). -GAWollman