To Systems Overview - To Software Software - To Software-Assessment - Software/Assessment
To Software Asessment Documentation Overview

Testserver Setup and technical details

This is a reverse engineering notepad on how the Testserver test.cacert.org has been set up.

Contents

Testserver Setup and technical details
Footnotes

Signer

The OpenSSL config files in /etc/ssl should be adjusted: crlDistributionPoints, authorityInfoAccess, ...

The Testserver keys have to be provided for download.

Signer Client

ToDo

Testmgr

ToDo

Blog

pages/index/feed.rss get displayed as Latest news on the startpage. Sample page:

<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.5.1" -->
<rss version="0.92">
        <channel>
                <title>CAcert NEWS Blog</title>
                <link>http://blog.cacert.org</link>
                <description>CAcert NEWS and up coming events.</description>
                <lastBuildDate>Fri, 20 Aug 2010 11:54:30 +0000</lastBuildDate>
                <docs>http://backend.userland.com/rss092</docs>
                <language>en</language>

                <item>
                        <title>Looking for confirmation email on creating account?</title>
                        <description>Please go to https://ca-mgr1.it-sls.de/login login with your just created account and password. Under MAIL you'll find your individual confirmation email.
                        </description>
                        <link>https://ca-mgr1.it-sls.de/testsystemdoc.html</link>
                </item>
        </channel>
</rss>

Mail

The testserver runs a postfix MTA and a dovecot IMAP server.

It looks like all(?) mails sent by the CAcert website installation are redirected into a single IMAP mailbox. The TestManager then accesses this mailbox and filters them for the mails to be shown to the logged in user.

The redirection is achieved by this directive in /etc/postfix/main.cf:

virtual_alias_maps = regexp:/etc/postfix/virtual.regexp

with virtual.regexp containing

 /.*/    cacertmail

CATS

It is not essential to set up a CATS server, since passed tests can be created by the TestMgr.

Changes to the release branch

Currently some files of the cacert-devel release branch have to be changed to set up the testserver.¹

Note that all those settings should go into a "configuration file" in the future, so that the release branch can be used for a testserver, with all necessary changes included only in config files.

different logo: www/images/cacert4.png
different default style: www/styles/default.css
CommModule/client.pl has to be set up to us ea different serial port, currently "dev/ttyS1". Note that the server uses "dev/ttyS0"
a matching serial.conf for this dev/ttyS1 is needed
the production server uses a real USB tty, the test servers use pseudo regular ttys coupled by socat.
the directories crt and csr must be writeably ba the webserver, usually by making changing their group to "www-data" and adding the group writeable flag (chmod -R g+w crt csr)
place the testserver certificates in www/certs
add the pseudo RSS feed pages/index/feed.rss
add the testserver's GPG keys: www/certs/cacert.asc
change the IP address of the CATS server in www/cats/cats_import.php
Add softlinks www/cacert1-revoke.crl to revoke.crl and www/cacert1-class-3-revoke.crl to class-3-revoke.crl²

Not in the repository:

includes/mysql.php

Footnotes

The necessary changes should be included in the Git branch testserver-mods, but since such branches get somewhat outdated as time passes I'm trying to describe the changes in text form. (1)
"Work around CRLs redirecting to crl.cacert.org", I don't yet understand this... (2)

Software/Assessment/testserver/setup (last edited 2019-07-08 18:59:39 by BernhardFröhlich)