Sebastian Reitenbach wrote:
> I have some problems to get my webdav via SSL mounted automatically. davfs2
> when mounting, it takes my secrets file. I have a servercert file specified
> in davfs2.conf, because my cert is self-signed. When I chmod 600 that file,
> then davfs2 ends with a permission denied error, so in general, the file
> specified there is used. I took the *pem file from the webserver, from which
> However, when I mount the webdav drive, then I still get asked, whether I
> want to trust the certificate or not. The fingerprint shown there, how do I
> get it out of the .pem file? I tried
> openssl x509 -noout -text -in pemfile.pem but there was nothing called
> fingerprint. There was a X509v3 Subject Key Identifier: but that was
> different. Any idea what I am missing, or hint to debug the problem, would
> be great.
There is no need to set mode 600 for the server certificate. The server
certificate contains the *public* key of the server and should be world
readable. As davfs2 always tries to run with as little privileges as
possible, it cannot read server certificates owned by root with mode 600.
Please note: This is quite different from client certificates. These are
in PKCS#12-format and contain the *private* key. They must have mode 600.
Display the certificate MD5 fingerprint:
openssl x509 -in cert.pem -noout -fingerprint
Display the certificate SHA1 fingerprint:
openssl x509 -sha1 -in cert.pem -noout -fingerprint
(from man x509).