You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

How to use SSL with the Solaris agent:

\n
  1. Install Stunnel on Solaris.\n
  2. Install the agent on Solaris.\n
  3. Run the command to see the executed script: inetadm -l /network/uptimeagent/tcp | fgrep exec\n
  4. Run the command to update the executed script for the agent: inetadm -m /network/uptimeagent/tcp exec="/usr/sbin/stunnel /usr/local/etc/stunnel/uptimeagent.conf" where /usr/sbin/stunnel is the path to the stunnel executable and /usr/local/etc/stunnel/uptimeagent.conf is the path to the uptimeagent.conf built for stunnel to use.\n
  5. Run the command to see that the executed script has been changed: inetadm -l /network/uptimeagent/tcp | fgrep exec\n
  6. Create the certificate that will be used by Stunnel.  For example:
\n
openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem
\n

The following is a sample stunnel.cnf for the openssl program:

# create RSA certs - Server\n\nRANDFILE = stunnel.rnd\n\n[ req ]\ndefault_bits = 1024\nencrypt_key = yes\ndistinguished_name = req_dn\nx509_extensions = cert_type\n\n[ req_dn ]\ncountryName = Country Name (2 letter code)\ncountryName_default             = PL\ncountryName_min                 = 2\ncountryName_max                 = 2\n\nstateOrProvinceName             = State or Province Name (full name)\nstateOrProvinceName_default     = Some-State\n\nlocalityName                    = Locality Name (eg, city)\n\n0.organizationName              = Organization Name (eg, company)\n0.organizationName_default      = Stunnel Developers Ltd\n\norganizationalUnitName          = Organizational Unit Name (eg, section)\n#organizationalUnitName_default =\n\n0.commonName                    = Common Name (FQDN of your server)\n0.commonName_default            = localhost\n\n# To create a certificate for more than one name uncomment:\n# 1.commonName                  = DNS alias of your server\n# 2.commonName                  = DNS alias of your server\n# ...\n# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html\n# to see how Netscape understands commonName.\n\n[ cert_type ]\nnsCertType = server
\n

7.  Copy stunnel.pem to <stunnel install directory>/uptimeagent.pem

\n
8.  Create the uptimeagent.conf  with the following lines in the stunnel install directory:
\n
cert=/etc/stunnel/uptimeagent.pem\nexec=/opt/uptime-agent/bin/uptimeagent
\n

  • No labels