|
Pen : SSL Settings
2015/01/31 |
|
Configure Pen with SSL.
The connection between Pen and Clients are encrypted with SSL. ( Pen - backends are normal ) This example based on the environment like follows.
|
--------+--------------------------------------------------------------------
|
+-------------------+--------------------+--------------------+
|10.0.0.30 |10.0.0.51 |10.0.0.52 |10.0.0.53
+------+-----+ +-------+------+ +-------+------+ +-------+------+
| Frontend | | Backend#1 | | Backend#2 | | Backend#3 |
| Pen Server | | Web Server | | Web Server | | Web Server |
+------------+ +--------------+ +--------------+ +--------------+
|
| [1] | Create SSL certificates. |
|
[root@dlp ~]# cd /etc/pki/tls/certs [root@dlp certs]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/pen.pem -out /etc/pki/tls/certs/pen.pem -days 365 Generating a 2048 bit RSA private key ......++++++ .......++++++ writing new private key to '/etc/pki/tls/certs/pen.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: JP # country State or Province Name (full name) [Some-State]: Hiroshima # state Locality Name (eg, city) []: Hiroshima # city Organization Name (eg, company) [Internet Widgits Pty Ltd]: Server World # company Organizational Unit Name (eg, section) []: IT Solution # department Common Name (eg, YOUR name) []: dlp.srv.world # server's FQDN
Email Address []:
[root@dlp certs]# xxx@srv.world # admin email chmod 600 pen.pem |
| [2] | Configure Pen for SSL. |
|
[root@dlp ~]#
vi /etc/pen.conf # change listening port and add certificates PORT= 443
SSLCERTS=/etc/pki/tls/certs/pen.pem /etc/rc.d/init.d/pend restart Stopping Pend: [ OK ] Starting Pend: [ OK ] |
| [3] | Make sure all works fine to access to the frontend server from a Client with HTTPS like follows. |
|