Testserver Setup and technical details
This is a reverse engineering notepad on how the Testserver test.cacert.org has been set up.
Signer
The OpenSSL config files in /etc/ssl should be adjusted: crlDistributionPoints, authorityInfoAccess, ...
The Testserver keys have to be provided for download.
Signer Client
Testmgr
Blog
pages/index/feed.rss get displayed as Latest news on the startpage. Sample page:
<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.5.1" -->
<rss version="0.92">
  <channel>
    <title>CAcert NEWS Blog</title>
    <link>http://blog.cacert.org</link>
    <description>CAcert NEWS and up coming events.</description>
    <lastBuildDate>Fri, 20 Aug 2010 11:54:30 +0000</lastBuildDate>
    <docs>http://backend.userland.com/rss092</docs>
    <language>en</language>
    <item>
      <title>Looking for confirmation email on creating account?</title>
      <description>Please go to https://ca-mgr1.it-sls.de/login login with your just created account and password. Under MAIL you'll find your individual confirmation email. </description>
      <link>https://ca-mgr1.it-sls.de/testsystemdoc.html</link>
    </item>
  </channel>
</rss>
The testserver runs a postfix MTA and a dovecot IMAP server.
It looks like all(?) mail sent by the CAcert website installation is redirected into a single IMAP mailbox. The TestManager then accesses this mailbox and filters it for the mails to be shown to the logged-in user.
The redirection is achieved by this directive in /etc/postfix/main.cf:
virtual_alias_maps = regexp:/etc/postfix/virtual.regexp
with virtual.regexp containing
/.*/ cacertmail
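An added example (not part of the testserver setup or of CAcert's code): a Python check that approximates first-match lookup in a Postfix regexp table and lists sample recipients that would not be rewritten to the catch-all mailbox, which is the property that keeps test mail from leaving the host. It assumes Python's re module is close enough to Postfix's regex dialect for simple patterns; the LEAKY table and the sample addresses are constructed.

```python
import re

# CATCH_ALL is the table shown on this page. LEAKY is a constructed misedit in
# which an earlier, more specific rule wins before the catch-all is reached.
CATCH_ALL = "/.*/ cacertmail\n"
LEAKY = """\
# constructed example of a misconfiguration
/@example\\.org$/ relay@example.org
/.*/ cacertmail
"""

def parse_regexp_table(text):
    """Parse '/pattern/flags result' lines into (compiled_regex, result) pairs.

    Simplification: if/endif blocks, '!/pattern/' negation, continuation lines
    and flags other than 'i' are rejected instead of being emulated.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/([a-z]*)\s+(.+)$", line)
        if not m or m.group(2) not in ("", "i"):
            raise ValueError(f"unsupported table line: {line!r}")
        pattern, flags, result = m.groups()
        # Postfix matches case-insensitively by default; the 'i' flag toggles that off.
        rules.append((re.compile(pattern, 0 if flags == "i" else re.IGNORECASE), result))
    return rules

def resolve(rules, address):
    """Return the result of the first matching rule, or None if nothing matches."""
    for regex, result in rules:
        if regex.search(address):
            return result
    return None

def escaping_addresses(table_text, addresses, mailbox="cacertmail"):
    """List the addresses that are NOT rewritten to the local catch-all mailbox."""
    rules = parse_regexp_table(table_text)
    return [a for a in addresses if resolve(rules, a) != mailbox]

if __name__ == "__main__":
    sample = ["alice@example.org", "Bob@Example.NET", "root"]  # constructed
    for name, table in (("catch-all", CATCH_ALL), ("leaky", LEAKY)):
        print(name, "->", escaping_addresses(table, sample) or "all mail stays local")
```

On the server itself, `postmap -q ADDRESS regexp:/etc/postfix/virtual.regexp` queries the real table with Postfix's own regex engine.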
CATS
It is not essential to set up a CATS server, since passed tests can be created by the TestMgr.
Changes to the release branch
Currently some files of the cacert-devel release branch have to be changed to set up the testserver. [1]
Note that all those settings should go into a "configuration file" in the future, so that the release branch can be used for a testserver, with all necessary changes included only in config files.
- different logo: www/images/cacert4.png
- different default style: www/styles/default.css
- CommModule/client.pl has to be set up to use a different serial port, currently "dev/ttyS1". Note that the server uses "dev/ttyS0"
- a matching serial.conf for this dev/ttyS1 is needed
- the production server uses a real USB tty, the test servers use pseudo regular ttys coupled by socat.
- the directories crt and csr must be writable by the webserver, usually by changing their group to "www-data" and adding the group-writable flag (chmod -R g+w crt csr)
- place the testserver certificates in www/certs
- add the pseudo RSS feed pages/index/feed.rss
- add the testserver's GPG keys: www/certs/cacert.asc
- change the IP address of the CATS server in www/cats/cats_import.php
Add softlinks www/cacert1-revoke.crl to revoke.crl and www/cacert1-class-3-revoke.crl to class-3-revoke.crl [2]
Not in the repository:
- includes/mysql.php
Footnotes