S3Sync.net
February 02, 2014, 01:19:21 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: SSL Certificate: Fatal Mistake!  (Read 7256 times)
lejarrag
Newbie
*
Posts: 16


View Profile
« on: July 21, 2008, 10:56:03 PM »

I've been using s3sync to back up my server for about a year.  When I wrote the script I used the certificate suggested in the README.txt file.  For some time it was working fine.  But today I realized that for the last five months the Amazon server was not accepting my certificate.  I've got many system mails in my root account in the server warning me of this, but I was not checking this.  Thus, for the last five months, no backups were made.  Fortunately my hard disk didn't crash.  Since I didn't change anything in my server, I have to assume that Amazon has changed the software and decided not to accept certifictates that they were previously accepting.  Great idea!  I have only to hope that they will not change my passphrase without warning me.  I would appreciate if anyone can comment on this.
Logged
ferrix
Sr. Member
****
Posts: 363


(I am greg13070 on AWS forum)


View Profile
« Reply #1 on: July 22, 2008, 09:51:07 AM »

Widely announced, including here:
http://s3sync.net/forum/index.php?topic=163.0

Other comments, check your system mails Wink
Logged
lejarrag
Newbie
*
Posts: 16


View Profile
« Reply #2 on: July 22, 2008, 11:25:37 PM »

Thanks, ferrix.  I learned my lesson.  My intention was to have a backup system that would not require much monitoring on my part.  I didn't want to spend my time reading system mail or checking forums--at the time I implemented it, this forum didn't even exist.  It's not even clear to me why I need to input a certificate, when the question is to determine the authenticity of the S3 server, not that of mine, but this is another question.
Logged
ferrix
Sr. Member
****
Posts: 363


(I am greg13070 on AWS forum)


View Profile
« Reply #3 on: July 23, 2008, 09:53:21 AM »

It's not even clear to me why I need to input a certificate, when the question is to determine the authenticity of the S3 server, not that of mine, but this is another question.

You have to specify the cert of the server *or* that of a trusted root; that is the way it determines authenticity of the server.  If you have a set of root certs on your system you may be able to point the program there instead of using the single approach.  Then it behaves more like a web browser like you expect.  This stuff is just non-trivial to use because it's not a complete interface.  Maybe you ought to try jungle disk?
Logged
lejarrag
Newbie
*
Posts: 16


View Profile
« Reply #4 on: July 23, 2008, 02:05:14 PM »

You have to specify the cert of the server *or* that of a trusted root; that is the way it determines authenticity of the server.  If you have a set of root certs on your system you may be able to point the program there instead of using the single approach.  Then it behaves more like a web browser like you expect. 
Thanks for the help.  This makes sense.  I'll have to think the thing over with the help of a cryptography book, but for now I'll take your word.  This may be a naive question, but, if I just don't use SSL altogether, will my AWS keys be sent also in cleartext?  I don't care if my documents are sent in cleartext, but obviously I don't want to give access to my account to malicious third parties.

This stuff is just non-trivial to use because it's not a complete interface.  Maybe you ought to try jungle disk?
Just the fact that it is not a complete interface is what makes it appealing.  I was just looking for some equivalent of rsync to access S3. I suppose another consideration would be that if I die tomorrow, my wife won't know what to do with my backup system if she needs it, but most probably I'll outlive the backup system.
Logged
lejarrag
Newbie
*
Posts: 16


View Profile
« Reply #5 on: July 23, 2008, 02:59:28 PM »

I found the answer to my naive question somewhere else in the forum.  As I imagined, AWS is designed to always protect your secret key. 

Thanks, ferrix.  Great software!  I didn't realize that you were the creator and/or maintainer of s3sync. 
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!