Tripp Lite B098048 Owners Manual for B093- B097- and B098-Series Console Serve - Page 260

Generating a Self-Signed Certificate with OpenSSL, 8.3 Installing the Key and Certificate, 8.4


15. Advanced Configuration

15.8.2 Generating a Self-Signed Certificate with OpenSSL

This example shows how to use OpenSSL to create a self-signed certificate. OpenSSL is available for most Linux distributions using the default package management mechanism. Windows users can check by going to http://www.openssl.org/related/binaries.html.

To create a 1024-bit RSA key and a self-signed certificate, issue the following openssl command from the host you have openssl installed on:

    openssl req -x509 -nodes -days 1000 \
        -newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem

You will be prompted to enter a lot of information. Most does not matter, but the "Common Name" should be the domain name of your computer (e.g., test.tripplite.com). Once everything has been entered, the certificate will be created in a file called ssl_cert.pem.

15.8.3 Installing the Key and Certificate

The recommended method for copying files securely to the console server is with an SCP (Secure Copying Protocol) client. The scp utility is distributed with OpenSSH for most UNIX distributions, while Windows users can use something like the PSCP command line utility available with PuTTY.

The files created in the steps above can be installed remotely with the scp utility as follows:

    scp ssl_key.pem root@<address of unit>:/etc/config/
    scp ssl_cert.pem root@<address of unit>:/etc/config/

or using PSCP:

    pscp -scp ssl_key.pem root@<address of unit>:/etc/config/
    pscp -scp ssl_cert.pem root@<address of unit>:/etc/config/

PuTTY and the PSCP utility can be downloaded from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

More detailed documentation on the PSCP can be found at: http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter5.html#pscp.

15.8.4 Launching the HTTPS Server

The easiest way to enable the HTTPS server is from the web management console. Simply click the appropriate checkbox in Network: Services: HTTPS Server. The HTTPS server will be activated, assuming the ssl_key.pem and ssl_cert.pem files exist in the /etc/config directory.

Alternatively, inetd can be configured to launch the secure fnord server from the command line of the unit as follows.

Edit the inetd configuration file. From the unit command line:

    vi /etc/config/inetd.conf

Append a line:

    443 stream tcp nowait root sslwrap -cert /etc/config/ssl_cert.pem -key /etc/config/ssl_key.pem -exec /bin/httpd /home/httpd

Save the file and signal inetd of the configuration change:

    kill -HUP `cat /var/run/inetd.pid`

The HTTPS server should be accessible from a web client at a URL similar to:

    https://<common name of unit>

More detailed documentation about the openssl utility can be found at: http://www.openssl.org/
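
The command in 15.8.2 creates a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance and many TLS clients require. The following added example (not part of the manual) generates the same two files with a 2048-bit key and checks them before they are copied to the unit. The function names, the 2048-bit floor and the subjectAltName entry are assumptions of the example, as is the unit's HTTPS server accepting 2048-bit keys.

```shell
#!/bin/sh
# Added example (not from the manual): create ssl_key.pem / ssl_cert.pem with
# 2048-bit RSA instead of 1024-bit, then verify the pair before running scp.

# gen_cert <common-name> <output-dir>
# Non-interactive form of the manual's "openssl req" command. -addext needs
# OpenSSL 1.1.1 or later; the SAN entry is what current browsers match on.
gen_cert() {
    cn=$1; dir=$2
    mkdir -p "$dir" || return 1
    ( umask 077   # -nodes leaves the key unencrypted, so restrict the file
      openssl req -x509 -nodes -days 1000 -sha256 \
          -newkey rsa:2048 -subj "/CN=$cn" \
          -addext "subjectAltName=DNS:$cn" \
          -keyout "$dir/ssl_key.pem" -out "$dir/ssl_cert.pem" 2>/dev/null )
}

# key_bits <cert>: print the RSA key size recorded in the certificate.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# pair_matches <key> <cert>: succeed only if the certificate carries the
# public half of this private key (a mismatch stops the HTTPS server).
pair_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_ok <key> <cert> <min-bits>: the check to run before installing.
cert_ok() {
    bits=$(key_bits "$2")
    [ -n "$bits" ] && [ "$bits" -ge "$3" ] && pair_matches "$1" "$2"
}

# Usage: sh make_cert.sh test.tripplite.com ./out
if [ "$#" -eq 2 ]; then
    gen_cert "$1" "$2" &&
        cert_ok "$2/ssl_key.pem" "$2/ssl_cert.pem" 2048 &&
        echo "key and certificate verified; ready to copy to /etc/config/"
fi
```

Running `cert_ok` against files produced by the manual's original command fails the size check, because `key_bits` reports 1024.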