Using epoptes on Ubuntu 15.10 Wily LTSP [Solved]

Epoptes does not work out of the box!

I get this error with socat 1.7.3.0:

/usr/sbin/epoptes-client
* Epoptes-client connecting to server:789…
2016/03/17 17:15:10 socat[3057] E certificate is valid but its commonName does not match hostname

Here is an excerpt from man:

Since version 1.7.3.0 socat checks the peer certificate for match with the
<host> parameter or the value of the openssl-commonname option. Socat tries to match it against the certificates subject commonName, and the
certifications extension subjectAltName DNS names. Wildcards in the certificate are supported.

The solution was to  follow this guide to create my own certificate: https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html

cd /etc/epoptes/
openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Make sure to use “server” as your CommonName.

Then request the new certificate in your ltsp chroot:

sudo ltsp-chroot
epoptes-client -c # Fetches the OpenSSL certificate from the server
exit
sudo ltsp-update-image

Leave a Reply

Your email address will not be published. Required fields are marked *