step-ca on FreeBSD #572
Replies: 5 comments 5 replies
-
Hi Basil, I'm the maintainer of the FreeBSD port. I just sent you an answer to your mail you sent earlier. Thanks
-
Hi @mawi78, Thanks for your assistance in helping me get the Smallstep FreeBSD port working. Here's an extract from your email:
I've got some queries about the FreeBSD port of Smallstep, but I'll take this offline and communicate directly with you via email. @maraino Here's a log of a successful installation of
-
I'm not convinced that Smallstep functions as intended under FreeBSD due to this issue smallstep/truststore#1.
This is the same issue identified when using the Caddy internal CA, which is based on the Smallstep library. More info in this Caddy forum post https://caddy.community/t/my-mtls-journey/12364/37
-
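Apologies for bumping a 3 year old thread.
Thanks for creating this write-up. I've noticed there is a particularly nasty bug in how the initial setup works that's had me pulling my hair out for the last hour or so trying to get step-ca to run via service/rc.d. In my experience if the machine is restarted before the service is started for the first time when your CA hasn't yet been created, FreeBSD locks up on the next boot waiting for user input requiring a restart and creates a broken set of configs (namely an empty /usr/local/etc/step/ca directory). At that point step-ca won't run and there's no output telling you what's wrong.
I know the guide does specifically tell the user to start step-ca as soon as the service is enabled but it may trip anyone up who happens to do a reboot before setting up their CA for the first time.
I'm not overly familiar on how to send patches to FreeBSD's ports but I'd be happy to try and add a couple of checks to the rc.d script file to mitigate this issue.
Cheers.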
-
Hi all,
I’m just preparing the new version of step-certificates and step-cli.
I will change the rc script accordingly, so that in the future it will just exit in case there is no configuration and add a new configure command to it to generate the configuration.
This should mitigate the observed errors.
Thanks
Markus
… On 26. Mar 2024, at 04:04, Andrew ***@***.***> wrote:
Apologies for bumping a 3 year old thread.
Thanks for creating this write-up. I've noticed there is a particularly nasty bug in how the initial setup works that's had me pulling my hair out for the last hour or so trying to get step-ca to run via service/rc.d. In my experience if the machine is restarted before the service is started for the first time when your CA hasn't yet been created, FreeBSD locks up on the next boot waiting for user input requiring a restart and creates a broken set of configs (namely an empty /usr/local/etc/step/ca directory). At that point step-ca won't run and there's no output telling you what's wrong.
I know the guide does specifically tell the user to start step-ca as soon as the service is enabled but it may trip anyone up who happens to do a reboot before setting up their CA for the first time.
I'm not overly familiar on how to send patches to FreeBSD's ports but I'd be happy to try and add a couple of checks to the rc.d script file to mitigate this issue.
Cheers.
-
I had been trying to set up Caddy to issue internal certs, but then stalled when it appeared that the FreeBSD platform was not supported. My efforts are in this Caddy forum thread.
FreeBSD is absent from the Smallstep installation guide, reinforcing the notion that FreeBSD is not supported.
Interestingly, step-certificates and step-cli have been ported to FreeBSD, but there's no documentation on how to configure it correctly under FreeBSD. I've tried to use the smallstep guides as much as possible, but I'm now out of ideas. I'm hoping for some guidance here. So, this is what I've done so far...
I managed to install the packages in a jail.
Relevant parts of how I configure the CA in the jail. The jail IP is 10.1.1.3...
Here's where I come unstuck. Trying to start the step-ca service...