TAXIIProject / yeti

YETI is a TAXII implementation
BSD 3-Clause "New" or "Revised" License
46 stars 19 forks source link

admin/yeti/certificate/ page not found #79

Closed Flixter1 closed 9 years ago

Flixter1 commented 9 years ago

I was going trough Apache 2.2 deployment and in the end it says :

Follow these instructions if you get the following error: SSLCACertificateFile: file '/data/yeti/yeti/client_certs/all_certs.cer' does not exist or is empty

Start YETI using Django's runserver: python manage.py runserver 80 (or python manage.py runserver 0.0.0.0:80 if you need to connect remotely). Navigate to the http://hostname/admin/yeti/certificate/ URL. Enter a certificate. Done! You can stop Django's runserver and start Apache.

When I try to navigate to admin/yeti/certificate/ URL. I receive page not found.

Can you please assist me with this?

MarkDavidson commented 9 years ago

@Flixter1,

What version of YETI are you using? The information on the wiki pages is deprecated (and really only applies to YETI 1.x, whereas the repo master is YETI 2.x) and http://yeti.readthedocs.org/en/latest/ is the most recent documentation.

Also - What are you trying to do? I've done a few deployments and can probably provide some information on how to do what you're trying to do.

Thank you. -Mark

Flixter1 commented 9 years ago

Thank you for the fast response Mark.

I was deploying YETI on Apache 2.2 and I wanted to use SSL certificate, but as mentioned in the instructions I received the same error and I dont know how to setup the SSL certificate properly.

I checked the link with the new documentation but I dont find anything related YETI on Apache deployment. It will be great if you can give me some guidance how to set up the SSL?

Thank you,

MarkDavidson commented 9 years ago

Sure thing. You pretty much just want to use Apache's SSLVerifyClient directive (I think it comes from mod_ssl):

SSLVerifyClient require
SSLCACertificateFile <path_to_your_certificate_file>.cer # A bunch of allowed certs concatenated together
SSLVerifyDepth 5
SSLOptions StdEnvVars # You may or may not want this, depending on what you're doing

This config requires clients to supply a certificate, verifies it against the specified file, up to the specified depth. The StdEnvVars item decomposes the SSL Cert into HTTP Headers (Apache writes them into the request before YETI sees them) so that other applications can use that information to make authentication/authorization decisions.

This is only part of the answer: there's multiple ways to do certificate validation, and this is one of them. There are multiple ways to use Apache's certificate validation, and right now YETI doesn't do any of them.

Do you have a particular requirement you are looking to support? If so, we can look to maybe building it into YETI/django-taxii-services.

Thank you. -Mark

Flixter1 commented 9 years ago

Hi Mark,

Thank you a lot for the help. I succeeded to set the certificate. I will close this issue.