Please test :)
David Shaw
dshaw at jabberwocky.com
Fri Aug 14 20:27:03 CEST 2009
On Aug 14, 2009, at 10:15 AM, Daniel Leidert wrote:
> On Friday, 14.08.2009, at 11:46 +0200, Jeroen Schot wrote:
>
>> On Thu, Aug 13, 2009 at 10:21:46PM -0400, David Shaw wrote:
>>> 2) HKPS - in other words regular old HKP over SSL (i.e. https). So far as I
>>> know, the only hkps server in existence right now is
>>> hkps://zimmermann.mayfirst.org.
>>
>> I successfully tested HKPS, but encountered a lack of documentation. So here
>> is a short howto specifically for the zimmermann.mayfirst.org keyserver:
>>
>> Download the 'May First/People Link CA' certificate from
>> <https://support.mayfirst.org/wiki/mfpl_certificate_authority> and store it
>> in ~/.gnupg/ca.crt.
>>
>> Add the following two lines to your gpg.conf (or add them to the commandline):
>> keyserver hkps://zimmermann.mayfirst.org
>> keyserver-options ca-cert-file ~/.gnupg/ca.crt
>>
>> Test the keyserver with a '--search-keys' or '--recv-keys'.
>
> I tried to follow your short howto (got mfpl.crt as .gnupg/ca.crt and
> added the options), but I always get an error:
>
> gpgkeys: HTTP search error 60: server certificate verification failed. CAfile: none CRLfile: none
> gpg: key "Leidert" not found on keyserver
> gpg: keyserver internal error
> gpg: keyserver search failed: keyserver error
>
> Following the webform, the keys exist. Any idea?
Try not using the ~ in the file path. Rather, spell out the complete
path. Different distros sometimes build curl with different backend
SSL libraries, and not all understand ~.
David
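
The advice above can be checked mechanically before retrying the search. The following is an added example, not part of the original thread or of GnuPG: it reports `ca-cert-file` values in a gpg.conf that start with `~/` or point at an unreadable file, and prints the config with the full path spelled out. The function names, the sample file and the `/home/alice` home directory are constructed for illustration, and the value is accepted after either a space or `=`.

```shell
#!/bin/sh
# Added example: lint and fix "~/" in keyserver-options ca-cert-file values.

# lint_ca_cert_file CONF [HOME_DIR]
# For each active keyserver-options line that sets ca-cert-file, print:
#   tilde:<absolute path>  value starts with ~/ (shown expanded with HOME_DIR)
#   missing:<path>         no readable file at that path
#   ok:<path>              readable file found
lint_ca_cert_file() {
    conf=$1
    home=${2:-$HOME}
    sed -nE 's/^[[:space:]]*keyserver-options[[:space:]].*ca-cert-file[[:space:]=]+([^[:space:],]+).*/\1/p' "$conf" |
    while IFS= read -r cert; do
        case $cert in
            "~/"*) printf 'tilde:%s/%s\n' "$home" "${cert#??}" ;;
            *)  if [ -r "$cert" ]; then
                    printf 'ok:%s\n' "$cert"
                else
                    printf 'missing:%s\n' "$cert"
                fi ;;
        esac
    done
}

# expand_ca_cert_paths CONF [HOME_DIR]
# Print CONF with a leading "~/" in ca-cert-file values replaced by HOME_DIR/.
expand_ca_cert_paths() {
    conf=$1
    home=${2:-$HOME}
    # Escape characters that are special in a sed replacement.
    esc=$(printf '%s' "$home" | sed 's/[\\&|]/\\&/g')
    sed -E "/^[[:space:]]*keyserver-options[[:space:]]/ s|(ca-cert-file[[:space:]=]+)~/|\\1${esc}/|" "$conf"
}

# Constructed sample: the two gpg.conf lines from the howto quoted above.
sample_conf() {
    printf '%s\n' 'keyserver hkps://zimmermann.mayfirst.org' \
                  'keyserver-options ca-cert-file ~/.gnupg/ca.crt'
}

# Demo with an assumed home directory of /home/alice.
demo_conf=$(mktemp)
sample_conf > "$demo_conf"
lint_ca_cert_file "$demo_conf" /home/alice
expand_ca_cert_paths "$demo_conf" /home/alice
rm -f "$demo_conf"
```

A `missing:` result after the path has been spelled out means the certificate was saved somewhere other than where the config points.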