Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: How to generate ssl cert for project?

  1. #1

    Exclamation How to generate ssl cert for project?

    I am looking for some help to generate SSL certificate for a project in my private OBS instance.

    I tried following https://en.opensuse.org/openSUSE:Build_Service_Signer, but no luck.

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,046
    Blog Entries
    2

    Default Re: How to generate ssl cert for project?

    You'll probably have to describe your purpose and intended use.
    Note that you asked for an SSL certificate whereas the article you referenced describes creating a GPG key for assets in your project which is pretty standard(You would not use an SSL certificate).

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  3. #3

    Default Re: How to generate ssl cert for project?

    Quote Originally Posted by tsu2 View Post
    You'll probably have to describe your purpose and intended use.
    Note that you asked for an SSL certificate whereas the article you referenced describes creating a GPG key for assets in your project which is pretty standard(You would not use an SSL certificate).

    TSU
    My mistake, I should have explained it earlier.

    Our code uses that certificate for signing. I do not think I have an option to use GPG key as the code is designed and developed by someone else.

    I am using OBS 2.10 version and by default, ssl certificate is not being created for the projects. Even when I try osc signkey --create $project command, its not getting generated

    Please lemme know how should I generate an ssl for project

  4. #4
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,046
    Blog Entries
    2

    Default Re: How to generate ssl cert for project?

    I've never heard that you can use a self-signed code for code signing.
    I suppose like anything else you could generate your own certificate but I can't see how anyone would accept it for validation.

    All situations I've been a part of, or have worked with others require the certificate to be issued by a recognized Certificate Authority, you would submit a CSR including your requirements, and the certificate is issued to you.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  5. #5

    Default Re: How to generate ssl cert for project?

    I don't mean self signed certificate. Below is what I meant.

    https://photos.app.goo.gl/nMTf5jnZ2WUQrkqC6

    How to get my project to generate SSL Cert?

    I know I am sounding noob. I am new to OBS

  6. #6
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,046
    Blog Entries
    2

    Default Re: How to generate ssl cert for project?

    I don't build projects in OBS,
    But
    Principles are likely the same no matter what environment, keeping in mind environment-specific tools

    Assuming that your screenshot is a tool that imports a certificate to sign your project, you should...

    1. Select a Certificate Authority service that supports code signing.. Biggest CA on the Internet like Verisign and Thwaite are examples but any CA can be used as long as your clients (whoever installs your app) are set up to trust.
    2. Using the CA's tools, submit a CSR that specifies your purpose (code signing)
    3. When the certificate is issued by your CA, copy and paste (or point to the file)the certificate info into the OBS import tool.

    It's usually as simple as that.
    After you build some code, you can test to make sure your setup is correct.

    The problem with creating your own certificate like what you're describing is that no one will be set up to trust you as the entity that created your certificate, so Users will be prevented from installing your app. An example where you wouldn't have to pay for and get a certificate from a commercial CA is if you're building apps that will be run only within your company. You can then deploy your own CA (possibly tied to network security like LDAP so your CA is automatically trusted by the machines in your company), and then use the CSR process so that your CA can generate the certificate you need which would then be imported into the tool you use to build your apps. When your build tool has that certificate, then you can build any number of apps and machines in your network should trust the certificate used to sign your code and install without a problem.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  7. #7
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    28,170
    Blog Entries
    15

    Default Re: How to generate ssl cert for project?

    Quote Originally Posted by mityvarun View Post
    I am looking for some help to generate SSL certificate for a project in my private OBS instance.

    I tried following https://en.opensuse.org/openSUSE:Build_Service_Signer, but no luck.
    Hi
    You probably need to describe at which step from the above process the error is and also show the output of the errors/issues.
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  8. #8
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,046
    Blog Entries
    2

    Default Re: How to generate ssl cert for project?

    Quote Originally Posted by mityvarun View Post
    My mistake, I should have explained it earlier.

    Our code uses that certificate for signing. I do not think I have an option to use GPG key as the code is designed and developed by someone else.

    I am using OBS 2.10 version and by default, ssl certificate is not being created for the projects. Even when I try osc signkey --create $project command, its not getting generated

    Please lemme know how should I generate an ssl for project
    Note that what you're describing here either requires you to trust the code signing by the original coder or you can simply disable the check altogether.
    This doesn't likely involve any tool to import a certificate because when you import a cert, you're using it for the entire application whereas to use a code snippet from elsewhere is specific only to that code snippet... At least, that's how I look at it.

    Therefor,
    If you really do want to do a signing check my guess is that it should be done manually and likely won't require a few lines.
    Otherwise, if you're certain about the code integrity and don't have to deal with a specification or regulation, I'd simply just use the code snippet without a check.

    Repeating though that I don't code using OBS,
    So someone else may have another opinion. In fact, the following OBS documentation recommends a Discord room (and there is probably IRC) for OBS setup questions

    https://github.com/obsproject/obs-st...l-Instructions

    TSU

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  9. #9
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    28,170
    Blog Entries
    15

    Default Re: How to generate ssl cert for project?

    Quote Originally Posted by tsu2 View Post
    Note that what you're describing here either requires you to trust the code signing by the original coder or you can simply disable the check altogether.
    This doesn't likely involve any tool to import a certificate because when you import a cert, you're using it for the entire application whereas to use a code snippet from elsewhere is specific only to that code snippet... At least, that's how I look at it.

    Therefor,
    If you really do want to do a signing check my guess is that it should be done manually and likely won't require a few lines.
    Otherwise, if you're certain about the code integrity and don't have to deal with a specification or regulation, I'd simply just use the code snippet without a check.

    Repeating though that I don't code using OBS,
    So someone else may have another opinion. In fact, the following OBS documentation recommends a Discord room (and there is probably IRC) for OBS setup questions

    https://github.com/obsproject/obs-st...l-Instructions

    TSU

    TSU
    Hi
    That is NOT the Build Service link, that is obs-studio which are two completely different things, perhaps take a step back since you aren't using the build service?

    @OP, again what are the errors, you can also get help on IRC Freenode #opensuse-buildservice or the build service Mailing list;
    openSUSE:Communication channels - openSUSE
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  10. #10

    Default Re: How to generate ssl cert for project?

    Hi,

    Error while building the signing packages are

    136s] cat: debian/certs/obs.pem: No such file or directory\
    [ 136s] dh_testdir\


    [ 54s] dh binary --with signobs
    [ 54s] create-stamp debian/debhelper-build-stamp
    [ 54s] dh_testroot
    [ 54s] dh_prep
    [ 54s] dh_signobs_unpack
    [ 54s] /usr/src/packages/BUILD/debian/signatures /usr/src/packages/BUILD
    [ 54s] 3 blocks
    [ 54s] certutil: unable to open "../../../SOURCES/_projectcert.crt" for reading (-5950, 2).
    [ 54s] debian/rules:5: recipe for target 'binary' failed
    [ 54s] make: *** [binary] Error 255
    [ 54s] dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2
    [ 54s]
    [ 54s] obs failed "build grub2-signed-signed_2.1+signed.dsc" at Thu Jan 16 12:51:54 UTC 2020.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •