...
To enable SSL encryption, complete the following steps on each agent system:
...
Note: Do not perform these steps on the monitoring station.
Ensure Stunnel is installed on the agent server. If you do not have access to a distribution, you can download it from Stunnel.org.
Edit the /etc/xinetd.d/uptmagnt file so that it includes the following configuration information:
```text
service uptmagnt
{
    disable = no
    flags = REUSE
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/sbin/stunnel
    server_args = /etc/stunnel/uptmagnt.conf
}
```
Create the certificate that will be used by Stunnel. For example:
```text
openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem
```
The following is a sample stunnel.cnf for the openssl program:
```text
# create RSA certs - Server

RANDFILE = stunnel.rnd

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = PL
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State

localityName = Locality Name (eg, city)

0.organizationName = Organization Name (eg, company)
0.organizationName_default = Stunnel Developers Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

0.commonName = Common Name (FQDN of your server)
0.commonName_default = localhost

# To create a certificate for more than one name uncomment:
# 1.commonName = DNS alias of your server
# 2.commonName = DNS alias of your server
# ...
# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
# to see how Netscape understands commonName.

[ cert_type ]
nsCertType = server
```
Copy stunnel.pem to /etc/stunnel/uptmagnt.pem.
...
Create the /etc/stunnel/uptmagnt.conf file and add the following lines:
```text
cert=/etc/stunnel/uptmagnt.pem
exec=/opt/uptime-agent/bin/uptmagnt
```
...
Restart the xinetd service. After doing this, your agent should now be in SSL mode.
You can verify that your agent is communicating securely by running the following command on your monitoring station:
```text
agentcmd +s -p 9998 <hostname> df-k
```
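Added example, not part of the original documentation: a POSIX shell pre-flight check for the agent system that inspects the certificate bundle and stunnel.cnf created in the steps above before xinetd is restarted. The function names and the 2048-bit minimum are assumptions of this example; the owner check follows from user = nobody in the xinetd stanza.

```shell
#!/bin/sh
# Added example, not vendor code. Source this file, then run: audit_agent_tls
# MIN_BITS is an assumed policy floor; the sample stunnel.cnf requests 1024.
MIN_BITS=2048

# RSA size requested by an openssl req config (the default_bits key).
cnf_default_bits() {
    awk -F= '/^[ \t]*default_bits[ \t]*=/ {
        gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# The stunnel cert= file must carry both the certificate and its private key,
# because the openssl command writes both to the same stunnel.pem.
pem_has_cert_and_key() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

# -nodes leaves the key unencrypted, so group and other must have no access.
pem_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# xinetd starts stunnel as "user" (nobody in the stanza above), so that
# account has to own the key file once group/other access is removed.
pem_owned_by() {
    [ "$(ls -ldL "$1" | awk '{print $3}')" = "$2" ]
}

# Usage: audit_agent_tls [pem] [cnf] [owner]
# Returns 0 if every check passes, 1 on a finding, 2 if the pem is missing.
audit_agent_tls() {
    pem=${1:-/etc/stunnel/uptmagnt.pem} cnf=${2:-stunnel.cnf} owner=${3:-nobody}
    rc=0
    [ -f "$pem" ] || { echo "FAIL: $pem not found"; return 2; }
    pem_has_cert_and_key "$pem" || { echo "FAIL: $pem lacks certificate or key"; rc=1; }
    pem_is_private "$pem" || { echo "FAIL: $pem accessible by group/other"; rc=1; }
    pem_owned_by "$pem" "$owner" || { echo "FAIL: $pem not owned by $owner"; rc=1; }
    bits=$(cnf_default_bits "$cnf" 2>/dev/null) || bits=
    if [ -n "$bits" ] && [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: $cnf requests $bits-bit RSA (< $MIN_BITS)"; rc=1
    fi
    return $rc
}
```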
...
...
Enabling SSL in the up.time UI
If the Linux agent has already been added to up.time, complete the following steps in the up.time Web interface for each agent system that you want to configure to use SSL.
- Click My Enterprise.
- Click the name of the agent system for which you want to enable SSL.
- On the system information page, click the Edit Performance Monitor link in the System Profile section.
- In the new Edit Service Monitor window that appears, select the Use SSL (HTTPS) option.
- Click Save.
Once saved, your Monitoring Station and agent system will be communicating via SSL.
...