SSL » History » Version 1
Ohad Levy, 01/25/2011 08:24 AM
h1. SSL setup

The smart proxy can work in SSL mode, where both sides verify and trust each other.

h2. Configure SSL certificates

This request will only be accepted if the SSL certificates match. Therefore the client's private key grants access to the proxy's functionality, so protect it.

As this tool is meant to interoperate with a puppet installation, I suggest that you use the Certificate Authority provided by a puppet server as your CA.

# Log in to your puppetmaster, which has a Certificate Authority
# Use the puppet tools to create a new certificate
<pre><code>
puppetca --generate <proxy-FQDN>
</code></pre>
# Copy the certificate keys to your Windows host
<pre><code>
scp puppetmaster:/var/lib/puppet/ssl/ca/signed/<proxy-FQDN>.pem signed.pem
scp puppetmaster:/var/lib/puppet/ssl/private_keys/<proxy-FQDN>.pem private.pem
</code></pre>
# Copy the ssl/certs/ca.pem from any puppet client to the smart-proxy\config directory. This ensures that the proxy trusts the same CA as a puppet client.
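
A check worth running on the copied files before starting the proxy, added here as an example (it is not part of the original wiki page or of the smart-proxy code): it confirms that private.pem matches signed.pem and that signed.pem chains to ca.pem. The names @check_proxy_credentials@ and @make_cert@ are hypothetical, and the throwaway CA built in memory is constructed sample input; on a real host, pass the contents of the three files instead.

```ruby
require 'openssl'

# Hypothetical helper: returns a list of problems with the three PEM strings.
# An empty list means the key matches the certificate and the CA signed it.
def check_proxy_credentials(cert_pem, key_pem, ca_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  ca   = OpenSSL::X509::Certificate.new(ca_pem)
  problems = []
  problems << 'private key does not match certificate' unless cert.check_private_key(key)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca)
  problems << "not trusted by CA: #{store.error_string}" unless store.verify(cert)
  problems
end

# Constructed sample input: builds a short-lived certificate in memory.
def make_cert(subject, key, issuer_cert, issuer_key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

ca_key    = OpenSSL::PKey::RSA.new(2048)
ca_cert   = make_cert('/CN=Constructed Test CA', ca_key, nil, ca_key, ca: true)
proxy_key = OpenSSL::PKey::RSA.new(2048)
proxy_crt = make_cert('/CN=proxy.example.test', proxy_key, ca_cert, ca_key)
other_key = OpenSSL::PKey::RSA.new(2048)
other_ca  = make_cert('/CN=Other Constructed CA', other_key, nil, other_key, ca: true)

# Matching key and CA, then a wrong key combined with an unrelated CA.
GOOD = check_proxy_credentials(proxy_crt.to_pem, proxy_key.to_pem, ca_cert.to_pem)
BAD  = check_proxy_credentials(proxy_crt.to_pem, other_key.to_pem, other_ca.to_pem)
puts "good: #{GOOD.inspect}", "bad: #{BAD.inspect}"
```

With real files, call it as @check_proxy_credentials(File.read('signed.pem'), File.read('private.pem'), File.read('ca.pem'))@ from the directory that holds them.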