Self-signed certificate is ignored?

  • cy_sfnet_2007

    I'm trying to skip the "Server certificate could not be verified" prompt. Everything (user, pass, mounting, etc.) works fine, except that annoying "[yN]" question; I want to skip it.

    So I've copied the CA certificate of my WebDav Server under "/etc/ssl/" (which "/usr/lib/ssl" is a symlink to). I've moved them under "certs" and "private", and in all my desperation I've even copied everything (private key, certificate, and even csr) from my WebDav server to the client.

    The only workaround I've come up with so far is "echo y | mount /home/webdav/ox_files/" which is, it goes without saying, b.ttugly and insecure.

    Can someone please explain to me in detail what is needed, how the files should be renamed and where they should be copied to?


    • Werner Baumann

      Most probably OpenSSL does not recognize your certificate because it does not know the file name. For OpenSSL to find a certificate, the filename must be a hash value of the name of the certificate owner. You can create this hash value using the 'openssl x509' command. Usually symbolic links are created, using command substitution like this:

      # ln -s certfile.pem `openssl x509 -in certfile.pem -hash -noout`.0

      This will create a symbolic link to file certfile.pem with a name like 'e268a4c5.0'. Of course 'certfile.pem' must be replaced by the name of your file.

      If this does not work, there may be some mismatch between the versions of neon, openssl and davfs2. This should not happen if you build davfs2 on your system from the source package or if you got it from your distribution. But it might happen with the binary version of davfs2 (because I built it on Debian Sarge, but other distributions may have configured SSL differently from Debian).

      You definitely don't need the private key; it's really private to the server, and you should delete it from your client. The certificate also should not go into some private directory, but into the same directory where all the other CA certificates can be found.
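
Added example, not part of the original posts and not davfs2 or OpenSSL code: a shell helper that creates the hash-named link described in the answer above, picks the next free suffix when another certificate already uses the same hash, and refuses files that contain a private key. The function name `install_ca_link` and its two arguments are hypothetical.

```shell
#!/bin/sh
# install_ca_link CERT CERTDIR  (hypothetical helper, not part of davfs2 or OpenSSL)
# Links CERT into CERTDIR as <subject-hash>.<n> and prints the link name.
install_ca_link() {
    cert=$1      # PEM file with the CA certificate
    certdir=$2   # directory OpenSSL searches, e.g. /etc/ssl/certs

    # The server's private key has no place in a client's trust directory.
    if grep -q 'PRIVATE KEY' "$cert"; then
        echo "refusing: $cert contains a private key" >&2
        return 1
    fi

    # Both calls fail if the file is not a parsable X.509 certificate.
    h=$(openssl x509 -in "$cert" -noout -hash) || return 1
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 1

    # Certificates with the same subject share a hash, so OpenSSL probes
    # <hash>.0, <hash>.1, ... in order. Take the first free suffix.
    n=0
    while [ -e "$certdir/$h.$n" ] || [ -L "$certdir/$h.$n" ]; do
        if [ ! -e "$certdir/$h.$n" ]; then
            echo "stale link $certdir/$h.$n, remove it first" >&2
            return 1
        fi
        old=$(openssl x509 -in "$certdir/$h.$n" -noout -fingerprint -sha256 2>/dev/null) || old=
        if [ "$old" = "$fp" ]; then
            echo "$h.$n"         # this certificate is already installed
            return 0
        fi
        n=$((n + 1))
    done

    # Link to the absolute path so the link resolves from any directory.
    abs=$(cd "$(dirname "$cert")" && pwd)/$(basename "$cert")
    ln -s "$abs" "$certdir/$h.$n" || return 1
    echo "$h.$n"
}
```

The subject-hash algorithm changed in OpenSSL 1.0.0, so the link has to be created with the same OpenSSL the client is linked against. Running `openssl verify -CApath <certdir> <cert>` afterwards confirms that OpenSSL finds the certificate through the link.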