Provided by: amanda-common_3.5.1-1ubuntu0.3_amd64

NAME

       amssl - Program to manage amanda ssl certificates

SYNOPSIS

       amssl [--client] [--init | --create-ca | --create-server-cert server-host |
             --create-client-cert client-host [--server server-host] ] [--country country-code]
             [--state state] [--locality locality] [--organisation organisation]
             [--organisation-unit organisation-unit] [--common common-name] [--email email]
             [-o configoption...] [--config config]

DESCRIPTION

       amssl is a program to manage the Amanda SSL certificates used by the ssl auth. It can
       create a self-signed CA, a server certificate and client certificates.

OPTIONS

       --create-ca
           Create a self-signed CA.

       --create-server-cert
           Create a server certificate.

       --create-client-cert CLIENT-HOSTNAME
           Create a client certificate.

       --server SERVER-HOSTNAME
           The amanda server to connect to.

       --batch
           Use the certificate fields set in the initialization; there is confirmation.

           This option is useless if one of the fields was not set in the initialization.

       --client
           When running amssl on a client.

       --init
           Initialize the host.

       The following options set the fields needed by a certificate:

       --country
           The two letter country code.

       --state
           The State.

       --locality
           The locality.

       --organisation
           The organisation.

       --organisation-unit
           The organisation unit.

       --common
           The common name.

       --email
           The email.

INITIALISATION

       Must be run once before any other command.

       Creates a template openssl.cnf file and a configuration file with the values provided.
       They are used by later commands, so you do not need to enter them at every invocation.

       The values provided must be the ones you want in the certificate.

       amssl [--client] --init [--country country-code] [--state state] [--locality locality]
             [--organisation organisation] [--organisation-unit organisation-unit]
             [--common common-name] [--email email] [-o configoption...] [--config config]

       A client is initialized with the --client option.

       Create

            $SSL_DIR/openssl.cnf.template
            $SSL_DIR/openssl.data

CREATE A SELF-SIGNED CA

       Create a self-signed CA.

       amssl --create-ca [--batch] [--config CONFIG]

       You can also provide all options of the initialization step.

       You must enter a new CA passphrase. Keep it secret and remember it: it will be required
       every time you need to create a new certificate.

       After you enter the passphrase, you will be asked for it 3 other times.

       Create

            $SSL_DIR/CA/crt.pem
            $SSL_DIR/CA/private/key.pem

CREATE THE SERVER CERTIFICATE

       Create the amanda server certificate.

       amssl --create-server-cert HOSTNAME [--batch] [--config CONFIG]

       You can also provide all options of the initialization step.

       You are asked for the CA passphrase.

       Create

            $SSL_DIR/me/crt.pem
            $SSL_DIR/me/fingerprint
            $SSL_DIR/me/private/key.pem
            $SSL_DIR/remote/HOSTNAME -> ../me

CREATE A CLIENT CERTIFICATE

       Create a client certificate and sign it with the CA certificate on the server; both
       server and client learn the remote fingerprint.

       DO NOT RUN IT ON THE SERVER. This will destroy the server certificate.

       It requires running amssl on the server and the client at the same time.

       ssl-dir must be set in amanda-client.conf on the client.

       Both server and client must already be initialized.

       Run on the server:

       amssl --create-client-cert client-host [--config CONFIG]

       It waits for the client to connect and then signs the client certificate. You are asked
       for the CA passphrase.

       Run on the client:

       amssl --client --create-client-cert CLIENT-HOST --server SERVER-HOST [--batch]
             [--config CONFIG]

       Create on server

            $SSL_DIR/remote/CLIENT-HOST/fingerprint

       Create on client

            $SSL_DIR/me/crt.pem
            $SSL_DIR/me/fingerprint
            $SSL_DIR/me/private/key.pem
            $SSL_DIR/remote/SERVER-HOST/fingerprint

EXAMPLE

       Initialize the server
           amssl --init --country US --state California --locality Sunnyvale --organisation
           zmanda --organisation-unit engineering --common boss --email 'email@email.com'

       Create the CA on the server
           amssl --create-ca

       Create the server certificate
           amssl --create-server-cert server.zmanda.com

       Create a client certificate

           On server:
               amssl --create-client-cert client.zmanda.com

           On client:
               amssl --client --init --country US --state California --locality Sunnyvale
               --organisation zmanda --organisation-unit engineering --common boss --email
               'email@email.com'

               amssl --client --create-client-cert client.zmanda.com --server server.zmanda.com
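
       The check below is an added example, not part of amssl or this manual page: a shell
       function that audits an ssl-dir against the file lists given in the sections above.
       The rule that private keys carry no group or other permission bits is an assumption of
       the example; the page does not state what modes amssl sets.

```shell
#!/bin/sh
# Added example: audit an amssl SSL directory against the file lists on this
# page. The "no group/other access to private keys" rule is this example's
# assumption, not documented amssl behaviour.
#
# audit_ssl_dir DIR ROLE [SERVER-HOSTNAME]   (ROLE is "server" or "client")
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_ssl_dir() {
    dir=$1; role=$2; host=${3:-}; bad=0
    expected="openssl.cnf.template openssl.data me/crt.pem me/fingerprint me/private/key.pem"
    keys="me/private/key.pem"
    if [ "$role" = server ]; then
        expected="$expected CA/crt.pem CA/private/key.pem"
        keys="$keys CA/private/key.pem"
    fi
    for f in $expected; do
        [ -f "$dir/$f" ] || { echo "MISSING  $f"; bad=1; }
    done
    # Characters 5-10 of the ls mode string are the group and other bits.
    for k in $keys; do
        [ -f "$dir/$k" ] || continue
        bits=$(ls -ld "$dir/$k" | cut -c5-10)
        [ "$bits" = "------" ] || { echo "EXPOSED  $k ($bits)"; bad=1; }
    done
    # On the server, remote/HOSTNAME is listed as a symlink to ../me.
    if [ "$role" = server ] && [ -n "$host" ]; then
        link="$dir/remote/$host"
        if [ ! -L "$link" ] || [ "$(readlink "$link")" != "../me" ]; then
            echo "BADLINK  remote/$host is not a symlink to ../me"; bad=1
        fi
    fi
    # Every real directory under remote/ should hold that peer's fingerprint.
    for peer in "$dir"/remote/*; do
        [ -d "$peer" ] && [ ! -L "$peer" ] || continue
        [ -s "$peer/fingerprint" ] || { echo "NOPRINT  remote/${peer##*/}"; bad=1; }
    done
    return "$bad"
}

# Run directly as: sh audit.sh /path/to/ssl-dir server server.example.com
if [ "$#" -ge 2 ]; then audit_ssl_dir "$@"; fi
```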

SEE ALSO

       amanda(8), amanda.conf(5), amanda-client.conf(5), amanda-auth(7), amanda-auth-ssl(7)

       The Amanda Wiki: http://wiki.zmanda.com/

AUTHORS

       James da Silva <jds@amanda.org>

       Stefan G. Weichinger <sgw@amanda.org>