How to use SSL with the Solaris agent:
1. Install Stunnel on Solaris.
2. Install the agent on Solaris.
3. Run the command to see the executed script:
```text
inetadm -l /network/uptimeagent/tcp | fgrep exec
```
4. Run the command to update the executed script for the agent:
```text
inetadm -m /network/uptimeagent/tcp exec="/usr/sbin/stunnel /usr/local/etc/stunnel/uptimeagent.conf"
```
where /usr/sbin/stunnel is the path to the stunnel executable and /usr/local/etc/stunnel/uptimeagent.conf is the path to the uptimeagent.conf built for stunnel to use.
5. Run the command to see that the executed script has been changed:
```text
inetadm -l /network/uptimeagent/tcp | fgrep exec
```
6. Create the certificate that will be used by Stunnel. For example:
```text
openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem
```
The following is a sample stunnel.cnf for the openssl program:
```text
# create RSA certs - Server

RANDFILE = stunnel.rnd

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default = PL
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State

localityName = Locality Name (eg, city)

0.organizationName = Organization Name (eg, company)
0.organizationName_default = Stunnel Developers Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

0.commonName = Common Name (FQDN of your server)
0.commonName_default = localhost

# To create a certificate for more than one name uncomment:
# 1.commonName = DNS alias of your server
# 2.commonName = DNS alias of your server
# ...
# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
# to see how Netscape understands commonName.

[ cert_type ]
nsCertType = server
```
7. Copy stunnel.pem to <stunnel install directory>/uptimeagent.pem
8. Create the uptimeagent.conf with the following lines in the stunnel install directory:
```text
cert=/etc/stunnel/uptimeagent.pem
exec=/opt/uptime-agent/bin/uptimeagent
```
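The sample stunnel.cnf above requests a 1024-bit RSA key, and `-nodes` writes the private key unencrypted into stunnel.pem, so both the key size and the file permissions of the PEM named by `cert=` are worth checking before the agent goes into service. The script below is an added example, not part of the original instructions; the function names and the 2048-bit floor are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks on the files this procedure creates.
# Function names and the 2048-bit default floor are assumptions.

# Print default_bits from the [ req ] section of an openssl config file.
req_default_bits() {
    awk '
        /^[ \t]*\[/ { in_req = ($0 ~ /^[ \t]*\[[ \t]*req[ \t]*\]/); next }
        in_req && /^[ \t]*default_bits[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")   # drop the key and "="
            sub(/[ \t]*#.*$/, "")      # drop a trailing comment
            sub(/[ \t]+$/, "")         # drop trailing blanks
            print; exit
        }' "$1"
}

# Succeed only if the config requests at least $2 bits (default 2048).
key_bits_ok() {
    bits=$(req_default_bits "$1")
    case "$bits" in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -ge "${2:-2048}" ]
}

# Print the cert= path from a stunnel configuration file.
conf_cert_path() {
    awk '/^[ \t]*cert[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# "openssl req -nodes" leaves the private key unencrypted in the PEM, so
# succeed only if group and other have no permission bits on the file.
pem_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check one openssl config and one stunnel config; non-zero on any finding.
preflight() {
    rc=0
    key_bits_ok "$1" || { echo "WEAK: default_bits=$(req_default_bits "$1") in $1"; rc=1; }
    pem=$(conf_cert_path "$2")
    pem_private "$pem" || { echo "CHECK: $pem is missing or accessible to group/other"; rc=1; }
    return "$rc"
}

# Usage: sh preflight.sh stunnel.cnf uptimeagent.conf
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run against the files from this page, it reports the 1024-bit `default_bits`, and it also reports the PEM if step 7 copied it with permissions that let group or other read it.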