(reposting with the rest of the thread removed... it was too big and
getting moderated)

Yup, they are:

[root@riak01 riak]# ls -al /etc/riak/ssl.*
-rw-r--r--. 1 root root 2122 Jul 12 16:49 /etc/riak/ssl.crt
-rw-r--r--. 1 root root 3272 Jul 12 16:49 /etc/riak/ssl.key

In fact, I straced the beam process to see if that would show anything
outside of what was showing up in the logs and noticed one thing that was
somewhat interesting.  The process checks to see if the cert and key files
are writeable (which they are not).  On the off chance that that was
problematic, I changed the owner and group of the cert and key to be 'riak'
and the check for write access was succeeding, however it didn't change the
end result.  Here is a snip from the strace before changing the owner and
group:

31520 stat("/etc/riak/ssl.crt",  <unfinished ...>
31520 <... stat resumed> {st_mode=S_IFREG|0644, st_size=2122, ...}) = 0
31520 access("/etc/riak/ssl.crt", R_OK) = 0
31520 access("/etc/riak/ssl.crt", W_OK) = -1 EACCES (Permission denied)
...
31520 stat("/etc/riak/ssl.key",  <unfinished ...>
31520 <... stat resumed> {st_mode=S_IFREG|0644, st_size=3272, ...}) = 0
31520 access("/etc/riak/ssl.key", R_OK) = 0
31520 access("/etc/riak/ssl.key", W_OK) = -1 EACCES (Permission denied)

And after:

31520 stat("/etc/riak/ssl.crt",  <unfinished ...>
31520 <... stat resumed> {st_mode=S_IFREG|0644, st_size=2122, ...}) = 0
31520 access("/etc/riak/ssl.crt", R_OK) = 0
31520 access("/etc/riak/ssl.crt", W_OK) = 0
...
31520 stat("/etc/riak/ssl.key",  <unfinished ...>
31520 <... stat resumed> {st_mode=S_IFREG|0644, st_size=3272, ...}) = 0
31520 access("/etc/riak/ssl.key", R_OK) = 0
31520 access("/etc/riak/ssl.key", W_OK) = 0

On Fri, Jul 13, 2012 at 1:34 PM, Dave Parfitt <dparf...@basho.com> wrote:

> Hi Michael -
>
>  [root@riak01 riak]# openssl verify /etc/riak/ssl.crt
>
> I see you are using root to create/verify these certs - are they readable
> by the riak user?
>
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
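
Added example, not part of the thread: one way to script the two checks the messages turn on, whether a service account can read the key by its mode bits, and whether the key's mode is looser than the service needs (the listing shows ssl.key as 0644). It assumes Linux with GNU stat and looks at classic owner/group/other bits only; the function names are hypothetical and the demo file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU stat; evaluates
# classic mode bits only, not ACLs, SELinux or parent-directory permissions.
# Function names are hypothetical.

# Print one finding per line for a private key whose mode is looser than needed.
key_mode_issues() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0040 )) -ne 0 ] && echo "group-readable"
    [ $(( 0$mode & 0004 )) -ne 0 ] && echo "world-readable"
    [ $(( 0$mode & 0022 )) -ne 0 ] && echo "group-or-world-writable"
    return 0
}

# user_can_read FILE USER: exit 0 if USER may read FILE according to its mode bits.
user_can_read() {
    uid=$(id -u "$2") || return 2
    groups=$(id -G "$2") || return 2
    st=$(stat -c '%u %g %a' "$1") || return 2
    set -- $st
    f_uid=$1 f_gid=$2 mode=$3
    [ "$uid" -eq 0 ] && return 0              # root bypasses mode bits
    if [ "$uid" -eq "$f_uid" ]; then          # owner class applies exclusively
        [ $(( 0$mode & 0400 )) -ne 0 ]; return
    fi
    for g in $groups; do                      # then the group class
        if [ "$g" -eq "$f_gid" ]; then
            [ $(( 0$mode & 0040 )) -ne 0 ]; return
        fi
    done
    [ $(( 0$mode & 0004 )) -ne 0 ]            # otherwise the "other" class
}

# Demo on a constructed temp file, first with the mode shown for ssl.key in the listing.
demo=$(mktemp) && chmod 0644 "$demo"
echo "0644 key: $(key_mode_issues "$demo" | tr '\n' ' ')"
chmod 0600 "$demo"
echo "0600 key: $(key_mode_issues "$demo" | tr '\n' ' ')"
rm -f "$demo"
```

On a real host the call would be `user_can_read /etc/riak/ssl.key riak`, followed by `key_mode_issues /etc/riak/ssl.key`.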