Closed Flixter1 closed 9 years ago
@Flixter1,
What version of YETI are you using? The information on the wiki pages is deprecated (and really only applies to YETI 1.x, whereas the repo master is YETI 2.x) and http://yeti.readthedocs.org/en/latest/ is the most recent documentation.
Also - What are you trying to do? I've done a few deployments and can probably provide some information on how to do what you're trying to do.
Thank you. -Mark
Thank you for the fast response Mark.
I was deploying YETI on Apache 2.2 and I wanted to use SSL certificate, but as mentioned in the instructions I received the same error and I dont know how to setup the SSL certificate properly.
I checked the link with the new documentation but I dont find anything related YETI on Apache deployment. It will be great if you can give me some guidance how to set up the SSL?
Thank you,
Sure thing. You pretty much just want to use Apache's SSLVerifyClient
directive (I think it comes from mod_ssl):
SSLVerifyClient require
SSLCACertificateFile <path_to_your_certificate_file>.cer # A bunch of allowed certs concatenated together
SSLVerifyDepth 5
SSLOptions StdEnvVars # You may or may not want this, depending on what you're doing
This config requires clients to supply a certificate, verifies it against the specified file, up to the specified depth. The StdEnvVars
item decomposes the SSL Cert into HTTP Headers (Apache writes them into the request before YETI sees them) so that other applications can use that information to make authentication/authorization decisions.
This is only part of the answer: there's multiple ways to do certificate validation, and this is one of them. There are multiple ways to use Apache's certificate validation, and right now YETI doesn't do any of them.
Do you have a particular requirement you are looking to support? If so, we can look to maybe building it into YETI/django-taxii-services.
Thank you. -Mark
Hi Mark,
Thank you a lot for the help. I succeeded to set the certificate. I will close this issue.
I was going trough Apache 2.2 deployment and in the end it says :
Follow these instructions if you get the following error: SSLCACertificateFile: file '/data/yeti/yeti/client_certs/all_certs.cer' does not exist or is empty
Start YETI using Django's runserver: python manage.py runserver 80 (or python manage.py runserver 0.0.0.0:80 if you need to connect remotely). Navigate to the http://hostname/admin/yeti/certificate/ URL. Enter a certificate. Done! You can stop Django's runserver and start Apache.
When I try to navigate to admin/yeti/certificate/ URL. I receive page not found.
Can you please assist me with this?