Issue 2551219: Document PEM file for roundup-server needs to include both key and cert.

classification

Title:	Document PEM file for roundup-server needs to include both key and cert.
Type:	behavior	Severity:	minor
Components:	Documentation, Web interface	Versions:

process

Status:	new	Resolution:
Dependencies		Superseder:
Assigned To:		Nosy List:	rouilj
Priority:	normal	Keywords:	Effort-Low, StarterTicket

Created on 2022-07-14 20:10 by rouilj, last changed 2022-07-14 20:10 by rouilj.

Messages
msg7608	Author: [hidden] (rouilj)	Date: 2022-07-14 20:10
In https://sourceforge.net/p/roundup/mailman/message/37680982/ with subject "Starting tracker gives [('SSL routines', '', 'PEM lib')]" it looks like the format of the PEM file to give to roundup-server when operating in SSL/TLS mode isn't properly described. The file needs to have both the key surrounded by private key markers something like: ----- BEGIN PRIVATE KEY ---- ----- END PRIVATE KEY ---- and the corresponding certificate (in PKCS#8 format) surrounded by the certificate markers like: ---- BEGIN CERTIFICATE ---- and similar for end. This can be done by concatenating the key and certificate files together into one file and using that file. Add doc on this in a couple of places: to the config in roundup-server so it is added to the generated config file in the roundup-server man page Also that error is a bit cryptic. Consider trapping it and the error shown in: https://sourceforge.net/p/roundup/mailman/message/37681042/ when the PEM file only has the key in it and producing a more useful error. Maybe: PEM file seems to have an error does it contain both a key and certificate? Note until issue 2551137 is solved, this is a bit of a moot point as roundup-server won't serve anything, but having it fixed is still a win.

msg7608

Author: [hidden] (rouilj)

Date: 2022-07-14 20:10

In https://sourceforge.net/p/roundup/mailman/message/37680982/
with subject "Starting tracker gives [('SSL routines', '', 'PEM lib')]"

it looks like the format of the PEM file to give to roundup-server when operating in
SSL/TLS mode isn't properly described.

The file needs to have both the key surrounded by private key markers
something like:

----- BEGIN PRIVATE KEY ----
----- END PRIVATE KEY   ----

and the corresponding certificate (in PKCS#8 format)
surrounded by the certificate markers like:

---- BEGIN CERTIFICATE ----

and similar for end. This can be done by concatenating the key and certificate
files together into one file and using that file.

Add doc on this in a couple of places:

  to the config in roundup-server so it is added to the generated config file

  in the roundup-server man page

Also that error is a bit cryptic. Consider trapping it and the error shown in:

   https://sourceforge.net/p/roundup/mailman/message/37681042/

when the PEM file only has the key in it and producing a more useful error.
Maybe:

 PEM file seems to have an error does it contain both a key and certificate?

Note until issue 2551137 is solved, this is a bit of a moot point as roundup-server won't
serve anything, but having it fixed is still a win.

History
Date	User	Action	Args
2022-07-14 20:10:44	rouilj	set	components: + Web interface, Documentation
2022-07-14 20:10:24	rouilj	create

Roundup Tracker - Issues

Issue 2551219