Pen : SSL Settings
2016/01/11 |
Configure Pen with SSL.
The connection between Pen and Clients are encrypted with SSL. ( Pen - backends are normal ) This example based on the environment like follows. | --------+-------------------------------------------------------------------- | +-------------------+--------------------+--------------------+ |10.0.0.30 |10.0.0.51 |10.0.0.52 |10.0.0.53 +------+-----+ +-------+------+ +-------+------+ +-------+------+ | Frontend | | Backend#1 | | Backend#2 | | Backend#3 | | Pen Server | | Web Server | | Web Server | | Web Server | +------------+ +--------------+ +--------------+ +--------------+ |
[1] | Create SSL certificates. |
root@dlp:~# cd /etc/ssl/private root@dlp:/etc/ssl/private# openssl req -x509 -nodes -newkey rsa:4096 -keyout /etc/ssl/private/pen.pem -out /etc/ssl/private/pen.pem -days 365 Generating a 2048 bit RSA private key ......++++++ .......++++++ writing new private key to '/etc/ssl/private/pen.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: JP # country State or Province Name (full name) [Some-State]: Hiroshima # state Locality Name (eg, city) []: Hiroshima # city Organization Name (eg, company) [Internet Widgits Pty Ltd]: Server World # company Organizational Unit Name (eg, section) []: IT Solution # department Common Name (eg, YOUR name) []: dlp.srv.world # server's FQDN
Email Address []:
root@dlp:/etc/ssl/private# xxx@srv.world # admin email chmod 600 pen.pem |
[2] | Configure Pen for SSL. |
root@dlp:~#
vi /etc/pen.conf # change port and specify certificates PORT= 443
SSLCERTS=/etc/ssl/private/pen.pem /etc/init.d/pend restart |
[3] | Make sure it works fine to access to the frontend server from a Client with HTTPS like follows. |