Tripp Lite B093-004-2E4U-V Owner's Manual

Loading ...

257

15. Advanced Conﬁguration

15.8.2 Generating a Self-Signed Certiﬁcate with OpenSSL

This example shows how to use OpenSSL to create a self-signed certiﬁcate. OpenSSL is available for most Linux distributions

using the default package management mechanism. Windows users can check by going to http://www.openssl.org/related/

binaries.html.

To create a 1024-bit RSA key and a self-signed certiﬁcate, issue the following openssl command from the host you have

openssl installed on:

openssl req -x509 -nodes -days 1000 \

-newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem

You will be prompted to enter a lot of information. Most does not matter, but the “Common Name” should be the domain

name of your computer (e.g., test.tripplite.com). Once everything has been entered, the certiﬁcate will be created in a ﬁle

called ssl_cert.pem.

15.8.3 Installing the Key and Certiﬁcate

The recommended method for copying ﬁles securely to the console server is with an SCP (Secure Copying Protocol) client.

The scp utility is distributed with OpenSSH for most UNIX distributions, while Windows users can use something like the PSCP

command line utility available with PuTTY.

The ﬁles created in the steps above can be installed remotely with the scp utility as follows:

scp ssl_key.pem root@<address of unit>:/etc/conﬁg/

scp ssl_cert.pem root@<address of unit>:/etc/conﬁg/

or using PSCP:

pscp -scp ssl_key.pem root@<address of unit>:/etc/conﬁg/

pscp -scp ssl_cert.pem root@<address of unit>:/etc/conﬁg/

PuTTY and the PSCP utility can be downloaded from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

More detailed documentation on the PSCP can be found at: http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter5.

html#pscp.

15.8.4 Launching the HTTPS Server

The easiest way to enable the HTTPS server is from the web management console. Simply click the appropriate checkbox in

Network: Services: HTTPS Server. The HTTPS server will be activated, assuming the ssl_key.pem & ssl_cert.pem ﬁles exist

in the /etc/conﬁg directory.

Alternately, inetd can be conﬁgured to launch the secure fnord server from the command line of the unit as follows.

Edit the inetd conﬁguration ﬁle. From the unit command line:

vi /etc/conﬁg/inetd.conf

Append a line:

443 stream tcp nowait root sslwrap -cert /etc/conﬁg/ssl_cert.pem -key /etc/conﬁg/ssl_key.pem -exec /bin/httpd /home/httpd”

Save the ﬁle and signal inetd of the conﬁguration change.

kill -HUP `cat /var/run/inetd.pid`

The HTTPS server should be accessible from a web client at a URL similar to: https://<common name of unit>

More detailed documentation about the openssl utility can be found at: http://www.openssl.org/

Loading ...

Tripp Lite B093-004-2E4U-V 4-Port Console Server with 4G LTE Cellular Gateway, Dual GbE NIC, 4Gb Flash and Dual SIM