How do I establish a WebDAV connection with TLS client certificate authentication in Ubuntu?


2

This answer works well for establishing webdav or webdavs connections with Nautilus.

However, when I try this on a webdav share that is secured with self-signed TLS client certificate authentication, the following is displayed:

First:

The signing certificate authority is not known.
Certificate information:
....
Are you really sure you would like to continue?

And after I click Yes:

...Unhandled error message: HTTP Error: Error performing TLS handshake: A TLS fatal allert has been received.

... and I am never asked for a client certificate. I am on Ubuntu 16.04 with Unity and would prefer that this work with Nautilus. I need instructions including how to install the client certificate (and the certificate authority).

PS: This question seems related (not identical), but it has no answer either.

0

As this is a self signed certificate you will need to ensure that BOTH ends have the CA public cert installed.

This typically doesn't work in the same way for all packages as some don't make use of the central cert store.

Here are some instructions on installing root CA certs in Ubuntu: How do I install a root certificate?


2

One solution that worked is using davfs.

Installation

Install davfs

sudo apt-get install davfs2

Configuration

Then copy the certificate from the CA (in pem format) to /etc/davfs2/certs and the client certificate (in .p12 format) to /etc/davfs2/certs/private and modify the configuration file, e.g.

sudo nano /etc/davfs2/davfs2.conf

by uncommenting (removing the #) the lines trust_ca_cert and clientcert and adding the full paths to the respective certificates e.g.

trust_ca_cert         /etc/davfs2/certs/ca.cert.pem
#servercert
clientcert            /etc/davfs2/certs/private/xxx.yyy.com.p12

save the file and exit (Ctrl + O, Ctrl + x in nano) and make sure the clientcert has the correct permissions

sudo su
chmod 0600 /etc/davfs2/certs/private/xxx.yyy.com.p12
exit

Optionally configure credentials file

You can use a credential file located at:

/etc/davfs2/secrets

This way you will not have to enter your password each time. The file has good examples of its syntax, which I will not replicate here.

Usage

To mount the filesystem run

sudo mount -t davfs -o uid=bruni,gid=users https://serveraddress /home/bruni/mountpoint

Drawbacks

The problems with this solution are:

  1. The website offers links in the form davs:// which do not work with the above scenario

     (We solved this server-side by providing links in the form file://)

  2. Freefilesync returns the following error when I try to synchronize with a folder mounted as above:

    Cannot set directory lock for "/path/to/mountpoint".

    Cannot write file "/path/to/mountpoint/sync.ffs_lock".

    Error Code 13:Permission denied (open)

Update: To mitigate this, I have switched to rsync.
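
The configuration steps in the answer above (uncommented `trust_ca_cert` and `clientcert` lines, a PEM CA certificate, a client certificate with mode 0600) can be checked with a small shell audit. This is an added example, not part of the original answer or of davfs2; the function names `conf_value`, `audit_davfs2` and `demo` and the sample files are constructed for illustration, and `stat -c` assumes GNU coreutils as on Ubuntu.

```shell
#!/bin/sh
# Added example: audit the davfs2 settings described in the answer above.

# conf_value FILE KEY: print the value of the last uncommented "KEY value" line.
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# audit_davfs2 CONF: print one finding per line; return 1 if any check fails.
audit_davfs2() {
    conf=$1; rc=0
    ca=$(conf_value "$conf" trust_ca_cert)
    p12=$(conf_value "$conf" clientcert)

    if [ -z "$ca" ]; then
        echo "FAIL trust_ca_cert: not set (line still commented out?)"; rc=1
    elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null; then
        echo "FAIL trust_ca_cert: $ca is missing or not PEM"; rc=1
    else
        echo "OK   trust_ca_cert: $ca"
    fi

    if [ -z "$p12" ]; then
        echo "FAIL clientcert: not set (line still commented out?)"; rc=1
    elif [ ! -f "$p12" ]; then
        echo "FAIL clientcert: $p12 does not exist"; rc=1
    else
        mode=$(stat -c '%a' "$p12")   # GNU stat, octal permission bits
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            # Group or other bits set: the key bundle is exposed to other users.
            echo "FAIL clientcert: $p12 has mode $mode, expected 0600"; rc=1
        else
            echo "OK   clientcert: $p12 (mode $mode)"
        fi
    fi
    return $rc
}

# Constructed sample: throwaway config whose client cert starts out world-readable.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' > "$d/ca.cert.pem"
    : > "$d/client.p12"; chmod 0644 "$d/client.p12"
    printf 'trust_ca_cert %s\n#servercert\nclientcert %s\n' \
        "$d/ca.cert.pem" "$d/client.p12" > "$d/davfs2.conf"
    audit_davfs2 "$d/davfs2.conf" || echo "-> fix with chmod 0600, then re-check:"
    chmod 0600 "$d/client.p12"; audit_davfs2 "$d/davfs2.conf"; rc=$?
    rm -rf "$d"; return $rc
}
demo
```

On a real system, replace the `demo` call with `audit_davfs2 /etc/davfs2/davfs2.conf` and run it as root.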