Versions Compared

Old Version 2

changes.mady.by.user Sam Sulu

Saved on

compared with

New Version Current

changes.mady.by.user IDERA

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

How to use SSL with the Solaris agent:

 

  1. Install Stunnel on Solaris.
  2. Install the agent on Solaris.

  3. Run the command to see the executed script:

    Code Block
    languagetext
    inetadm -l /network/uptimeagent/tcp | fgrep exec

  4. Run the command to update the executed script for the agent:

    Code Block
    languagetext
    inetadm -m /network/uptimeagent/tcp exec="/usr/sbin/stunnel /usr/local/etc/stunnel/uptimeagent.conf"

    where /usr/sbin/stunnel is the path to the stunnel executable and /usr/local/etc/stunnel/uptimeagent.conf is the path to the uptimeagent.conf built for stunnel to use.

  5. Run the command to see that the executed script has been changed: 

    Code Block
    languagetext
    inetadm -l /network/uptimeagent/tcp | fgrep exec
  6. Create the certificate that will be used by Stunnel.  For example: 
    Code Block
    languagetext
    openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem

    The following is a sample stunnel.cnf for the openssl program: 

    Code Block
    languagetext
    # create RSA certs -

...

  1. Server
RANDFILE = stunnel.rnd
[ req ]
 
default_bits =

...

  1. 1024
encrypt_key =

...

  1. yes
distinguished_name = req_

...

  1. dn
x509_extensions = cert_type
 
[ req_dn ]
 
countryName = Country Name (2 letter code)
countryName_

...

  1. default               = PL
countryName_min                    = 2
countryName_max                   = 2
 
stateOrProvinceName                   = State or Province Name (full name)
stateOrProvinceName_

...

  1. default    

...

  1. = Some-

...

  1. State
 
localityName                    = Locality Name (eg, city)
 
0.

...

  1. organizationName                    = Organization Name (eg, company)
0.organizationName_

...

  1. default      = Stunnel Developers

...

  1. Ltd
 
organizationalUnitName          = Organizational Unit Name (eg, section)

...

  1. 
 #organizationalUnitName_default =
 
0.

...

  1. commonName              

...

  1.            = Common Name (FQDN of your server)
0.commonName_

...

  1. default            = localhost
 
# To create a certificate for more than one name uncomment:
# 1.

...

  1. commonName                  = DNS alias of your

...

  1. server
# 2.

...

  1. commonName                  = DNS alias of your

...

  1. server
# ... # See http://home.netscape.com/eng/security/ssl_2.0_certificate.

...

  1. html
# to see how Netscape understands commonName.
 
[ cert_type ]
nsCertType = server

 

  1. 7.  Copy stunnel.pem to <stunnel install directory>/uptimeagent.pem

 

  1. 8.  Create the uptimeagent.conf  with the following lines in the stunnel install directory:

    Code Block
    language

...

  1. text
    cert=/etc/stunnel/uptimeagent.

...

  1. pem
exec=/opt/uptime-agent/bin/uptimeagent

...