Total de visualizações de página

segunda-feira, 25 de abril de 2016

Pen : SSL Settings


Pen : SSL Settings
2015/06/10
 
Configure Pen with SSL.
The connection between Pen and Clients are encrypted with SSL. ( Pen - backends are normal )
This example based on the environment like follows.
        |
--------+--------------------------------------------------------------------
        |
        +-------------------+--------------------+--------------------+
        |10.0.0.30          |10.0.0.51           |10.0.0.52           |10.0.0.53
 +------+-----+     +-------+------+     +-------+------+     +-------+------+
 |  Frontend  |     |   Backend#1  |     |   Backend#2  |     |   Backend#3  |
 | Pen Server |     |  Web Server  |     |  Web Server  |     |  Web Server  |
 +------------+     +--------------+     +--------------+     +--------------+
[1]Create SSL certificates.
[root@dlp ~]# 
cd /etc/pki/tls/certs 

[root@dlp certs]# 
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/pen.pem -out /etc/pki/tls/certs/pen.pem -days 365 

Generating a 2048 bit RSA private key
......++++++
.......++++++
writing new private key to '/etc/pki/tls/certs/pen.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
JP
# country

State or Province Name (full name) [Some-State]:
Hiroshima
   
# state

Locality Name (eg, city) []:
Hiroshima
# city

Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Server World
   
# company

Organizational Unit Name (eg, section) []:
IT Solution
   
# department

Common Name (eg, YOUR name) []:
dlp.server.world
   
# server's FQDN

Email Address []:
xxx@server.world
# admin email
[root@dlp certs]# 
chmod 600 pen.pem 
[2]Configure Pen for SSL.
[root@dlp ~]# 
vi /etc/pen.conf
# change port and specify certificates

PORT=
443
SSLCERTS=/etc/pki/tls/certs/pen.pem
[root@dlp ~]# 
systemctl restart pen 
[3]Make sure all works fine to access to the frontend server from a Client with HTTPS like follows.
Postado por às
Marcadores:

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)