Chapter 15: Advanced Configuration
15.8.3 Installing the key and certificate
The recommended method for copying files securely to the Console Server unit is with an SCP (Secure Copying Protocol)
client. The scp utility is distributed with OpenSSH for most Unix distributions while Windows users can use something like the
PSCP command line utility available with PuTTY.
The files created in the steps above can be installed remotely with the scp utility as follows:
scp ssl_key.pem root@<address of unit>:/etc/config/
scp ssl_cert.pem root@<address of unit>:/etc/config/
or using PSCP:
pscp -scp ssl_key.pem root@<address of unit>:/etc/config/
pscp -scp ssl_cert.pem root@<address of unit>:/etc/config/
PuTTY and the PSCP utility can be downloaded from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
More detailed documentation on PSCP can be found at:
http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter5.html#pscp
15.8.4 Launching the HTTPS Server
Note that the easiest way to enable the HTTPS server is from the web Management Console. Simply click the appropriate
checkbox in Network: Services: HTTPS Server and the HTTPS server will be activated (assuming the ssl_key.pem & ssl_cert.pem
files exist in the /etc/config directory).
Alternatively inetd can be configured to launch the secure fnord server from the command line of the unit as follows.
Edit the inetd configuration file. From the unit command line:
vi /etc/config/inetd.conf
Append a line:
443 stream tcp nowait root sslwrap -cert /etc/config/ssl_cert.pem -key /etc/config/ssl_key.pem -exec /bin/httpd /home/httpd
Save the file and signal inetd to pick up the configuration change:
kill -HUP `cat /var/run/inetd.pid`
The HTTPS server should be accessible from a web client at a URL similar to this: https://<common name of unit>
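A pre-flight check for the manual inetd procedure above, as an added example that is not part of the original manual: it refuses to add the port 443 entry unless both PEM files are present and the private key is inaccessible to group and other, and it appends the entry only once. The function names are hypothetical, the key-permission check is an added precaution, and a POSIX sh with grep, ls and cut on the unit is assumed.

```shell
#!/bin/sh
# Added example (not from the manual). Defaults are the paths used in this
# section; the function names below are hypothetical.
CONF="${CONF:-/etc/config/inetd.conf}"
CERT="${CERT:-/etc/config/ssl_cert.pem}"
KEY="${KEY:-/etc/config/ssl_key.pem}"

# Return 0 only if the file exists, is non-empty and contains a PEM header.
is_pem() {
    [ -s "$1" ] && grep -q -- '^-----BEGIN ' "$1"
}

# Return 0 only if group and other have no access to the private key
# (characters 5-10 of the ls mode string are the group and other bits).
key_is_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Append the sslwrap entry once. Returns 1 for a missing or non-PEM file,
# 2 for a key that is accessible to group or other, 0 on success.
enable_https_inetd() {
    is_pem "$CERT" || { echo "missing or non-PEM certificate: $CERT" >&2; return 1; }
    is_pem "$KEY"  || { echo "missing or non-PEM key: $KEY" >&2; return 1; }
    key_is_private "$KEY" || { echo "key accessible to group/other: $KEY" >&2; return 2; }
    entry="443 stream tcp nowait root sslwrap -cert $CERT -key $KEY -exec /bin/httpd /home/httpd"
    # An existing port 443 entry is left alone so the service is not listed twice.
    if grep -q '^443[[:space:]]' "$CONF" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$entry" >> "$CONF"
}
# After a successful enable_https_inetd, signal inetd with the kill -HUP
# command shown above.
```

If the key check fails, `chmod 600 /etc/config/ssl_key.pem` on the unit restricts the key to root before retrying.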
More detailed documentation about the openssl utility can be found at the website: http://www.openssl.org/