Tripp Lite B098016V Owners Manual for B093- B097- and B098-Series Console Serv - Page 260
Generating a Self-Signed Certificate with OpenSSL, 8.3 Installing the Key and Certificate, 8.4
![]() |
View all Tripp Lite B098016V manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 260 highlights
15. Advanced Configuration 15.8.2 Generating a Self-Signed Certificate with OpenSSL This example shows how to use OpenSSL to create a self-signed certificate. OpenSSL is available for most Linux distributions using the default package management mechanism. Windows users can check by going to http://www.openssl.org/related/ binaries.html. To create a 1024-bit RSA key and a self-signed certificate, issue the following openssl command from the host you have openssl installed on: openssl req -x509 -nodes -days 1000 \ -newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem You will be prompted to enter a lot of information. Most does not matter, but the "Common Name" should be the domain name of your computer (e.g., test.tripplite.com). Once everything has been entered, the certificate will be created in a file called ssl_cert.pem. 15.8.3 Installing the Key and Certificate The recommended method for copying files securely to the console server is with an SCP (Secure Copying Protocol) client. The scp utility is distributed with OpenSSH for most UNIX distributions, while Windows users can use something like the PSCP command line utility available with PuTTY. The files created in the steps above can be installed remotely with the scp utility as follows: scp ssl_key.pem root@:/etc/config/ scp ssl_cert.pem root@:/etc/config/ or using PSCP: pscp -scp ssl_key.pem root@:/etc/config/ pscp -scp ssl_cert.pem root@:/etc/config/ PuTTY and the PSCP utility can be downloaded from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. More detailed documentation on the PSCP can be found at: http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter5. html#pscp. 15.8.4 Launching the HTTPS Server The easiest way to enable the HTTPS server is from the web management console. Simply click the appropriate checkbox in Network: Services: HTTPS Server. The HTTPS server will be activated, assuming the ssl_key.pem & ssl_cert.pem files exist in the /etc/config directory. Alternately, inetd can be configured to launch the secure fnord server from the command line of the unit as follows. Edit the inetd configuration file. From the unit command line: vi /etc/config/inetd.conf Append a line: 443 stream tcp nowait root sslwrap -cert /etc/config/ssl_cert.pem -key /etc/config/ssl_key.pem -exec /bin/httpd /home/httpd" Save the file and signal inetd of the configuration change. kill -HUP `cat /var/run/inetd.pid` The HTTPS server should be accessible from a web client at a URL similar to: https:// More detailed documentation about the openssl utility can be found at: http://www.openssl.org/ 260
![](/manual_guide/products/tripp-lite-b0930042e4uv-owners-manual-b093-b097-b098series-console-servers-english-95902c6/260.png)