...
Once OpenSSL is installed, enter the following commands (changing <openssl_dir> to the proper path for the OpenSSL installation directory) at the command line to generate the certificate key. The example uses 1024 bit encryption; if required, you can increase to your preferred value:
Code Block |
---|
cd <openssl_dir>/bin openssl genrsa -des3 -out uptime_ssl_server.key 1024 4096 openssl req -new -key uptime_ssl_server.key -out uptime_ssl_server.csr openssl x509 -reqsha512 -daysnodes 365 -in uptime_ssl_server.csrnewkey rsa:4096 -signkey uptime_ssl_serverkeyout domain.key -out uptime_ssl_server.crt |
Create a passphrase file
Create a passphrase file containing your SSL server password specified in the previous step. The Uptime Web Server will require the password each time it restarts but a passphrase file will automate the request, so user intervention is not necessary.
Windows:
Open notepad and enter the following line where <your_SSL_server_password> is the password for your generated certificate keys.
Code Block | ||
---|---|---|
| ||
@echo <your_SSL_server_password> |
Save the file as passphrase.cmd.
...
Code Block | ||
---|---|---|
| ||
#!/bin/bash
echo "<your_SSL_server_password>" |
Save the file as passphrase.cmd.
Make the file executable.
Code Block | ||
---|---|---|
| ||
chmod +x passphrase.cmd |
Move the files to the Uptime Infrastructure Monitor directory
...
- uptime_ssl_server.key
- uptime_ssl_server.crt
- passphrase.cmd
Update httpd.conf
The following changes to the web server configuration file (httpd.conf) will allow it to use SSL.
...
Code Block | ||
---|---|---|
| ||
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite ALL:!aNULL:!eNULL:!EXP:!DES:!RC4:!MD5:!PSK:!aECDH:!KRB5:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA
SSLMutex default
SSLPassPhraseDialog "exec:<uptime_dir>/apache/conf/passphrase.cmd"
SSLSessionCache none
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
DocumentRoot "<uptime_dir>/GUI"
SSLCertificateFile "<uptime_dir>/apache/conf/uptime_ssl_server.crt"
SSLCertificateKeyFile "<uptime_dir>/apache/conf/uptime_ssl_server.key"
</VirtualHost>
<VirtualHost *:9999>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]
</VirtualHost> |
...