Title: SSL Certificate: Fatal Mistake! Post by: lejarrag on July 21, 2008, 10:56:03 PM I've been using s3sync to back up my server for about a year. When I wrote the script I used the certificate suggested in the README.txt file. For some time it was working fine. But today I realized that for the last five months the Amazon server was not accepting my certificate. I've got many system mails in my root account in the server warning me of this, but I was not checking this. Thus, for the last five months, no backups were made. Fortunately my hard disk didn't crash. Since I didn't change anything in my server, I have to assume that Amazon has changed the software and decided not to accept certifictates that they were previously accepting. Great idea! I have only to hope that they will not change my passphrase without warning me. I would appreciate if anyone can comment on this.
Title: Re: SSL Certificate: Fatal Mistake! Post by: ferrix on July 22, 2008, 09:51:07 AM Widely announced, including here:
http://s3sync.net/forum/index.php?topic=163.0 Other comments, check your system mails ;) Title: Re: SSL Certificate: Fatal Mistake! Post by: lejarrag on July 22, 2008, 11:25:37 PM Thanks, ferrix. I learned my lesson. My intention was to have a backup system that would not require much monitoring on my part. I didn't want to spend my time reading system mail or checking forums--at the time I implemented it, this forum didn't even exist. It's not even clear to me why I need to input a certificate, when the question is to determine the authenticity of the S3 server, not that of mine, but this is another question.
Title: Re: SSL Certificate: Fatal Mistake! Post by: ferrix on July 23, 2008, 09:53:21 AM It's not even clear to me why I need to input a certificate, when the question is to determine the authenticity of the S3 server, not that of mine, but this is another question. You have to specify the cert of the server *or* that of a trusted root; that is the way it determines authenticity of the server. If you have a set of root certs on your system you may be able to point the program there instead of using the single approach. Then it behaves more like a web browser like you expect. This stuff is just non-trivial to use because it's not a complete interface. Maybe you ought to try jungle disk? Title: Re: SSL Certificate: Fatal Mistake! Post by: lejarrag on July 23, 2008, 02:05:14 PM You have to specify the cert of the server *or* that of a trusted root; that is the way it determines authenticity of the server. If you have a set of root certs on your system you may be able to point the program there instead of using the single approach. Then it behaves more like a web browser like you expect. Thanks for the help. This makes sense. I'll have to think the thing over with the help of a cryptography book, but for now I'll take your word. This may be a naive question, but, if I just don't use SSL altogether, will my AWS keys be sent also in cleartext? I don't care if my documents are sent in cleartext, but obviously I don't want to give access to my account to malicious third parties.This stuff is just non-trivial to use because it's not a complete interface. Maybe you ought to try jungle disk? Just the fact that it is not a complete interface is what makes it appealing. I was just looking for some equivalent of rsync to access S3. I suppose another consideration would be that if I die tomorrow, my wife won't know what to do with my backup system if she needs it, but most probably I'll outlive the backup system.Title: Re: SSL Certificate: Fatal Mistake! Post by: lejarrag on July 23, 2008, 02:59:28 PM I found the answer to my naive question somewhere else in the forum. As I imagined, AWS is designed to always protect your secret key.
Thanks, ferrix. Great software! I didn't realize that you were the creator and/or maintainer of s3sync. |