[CalendarServer-users] Exception thrown when using chained certificates
Nikola Knežević
laladelausanne at gmail.com
Sat Apr 6 02:15:31 PDT 2013
On Apr 5, 2013, at 19:33 , Morgen Sagen wrote:
> Calendar server uses a couple different mechanisms to acquire a certificate's passphrase:
>
> 1) It will run the program specified in caldavd.plist "SSLCertAdmin", which defaults to /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin on OS X Server. It passes "--get-private-key-passphrase /path/to/private.key" to that program which returns the passphrase on stdout.
>
> 2) It will run the program specified in caldavd.plist "SSLPassPhraseDialog", which defaults to /etc/apache2/getsslpassphrase. It determines whether the key type is DSA or RSA, and then <serverhostname>:<port> <keytype> to that program which returns the passphrase on stdout.
>
> You could try configuring the SSLPassPhraseDialog key to an appropriate program on your system. The problem is I don't know if this will work if the program you specify needs to interact with a tty to prompt for the passphrase because the calendar server worker processes don't have a tty as far as I know.
>
Glyph, Fred and Morgen,
thanks for your help on this issue. I confirm that once I strip the password from the key, caldavd works as expected.
I will check whether I can use security(1) tool in place of SSLPassPhraseDialog (with some modifications to caldavd's code), as I don't have certadmin on my Mac OS X.
Thanks once again,
Nikola
More information about the calendarserver-users
mailing list