SSL » History » Version 1

Ohad Levy, 01/25/2011 08:24 AM

h1. SSL setup

The smart proxy can work in SSL mode, where both sides verify and trust each other.

h2. Configure SSL certificates

A request will only be accepted if the SSL certificates match. The client's private key therefore grants access to the proxy's functionality, so protect it.

As this tool is meant to interoperate with a puppet installation, I suggest that you use the Certificate Authority provided by a puppet server as your CA.

# Log in to your puppetmaster, which has a Certificate Authority
# Use the puppet tools to create a new certificate
<pre><code>
puppetca --generate <proxy-FQDN>
</code></pre>
# Copy the certificate and its private key to your Windows host
<pre><code>
scp puppetmaster:/var/lib/puppet/ssl/ca/signed/<proxy-FQDN>.pem signed.pem
scp puppetmaster:/var/lib/puppet/ssl/private_keys/<proxy-FQDN>.pem private.pem
</code></pre>
# Copy the ssl/certs/ca.pem from any puppet client to the smart-proxy\config directory. This ensures that the proxy trusts the same CA as a puppet client.
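
A pre-flight check for the files produced by the steps above, added here as an example and not part of the smart proxy itself. It assumes the @openssl@ command-line tool on a POSIX host holding @signed.pem@, @private.pem@ and @ca.pem@; the function name @check_proxy_certs@ is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the certificate material before the proxy uses it.
# check_proxy_certs is a hypothetical helper name; the file names follow the
# scp commands above.
check_proxy_certs() {
    cert=$1 key=$2 ca=$3
    rc=0

    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # 1. The certificate must verify with ca.pem supplied as the CA file.
    #    The output is matched as well as the exit status, because old
    #    OpenSSL releases could exit 0 on a verification error.
    if openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "ok: $cert verifies against $ca"
    else
        echo "FAIL: $cert does not verify against $ca" >&2
        rc=1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok: $key matches $cert"
    else
        echo "FAIL: $key does not match $cert" >&2
        rc=1
    fi

    # 3. The private key grants access to the proxy, so it must not be
    #    readable by group or other (characters 5-10 of the mode string).
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" = "------" ]; then
        echo "ok: $key is owner-only"
    else
        echo "FAIL: $key is accessible to group/other ($perms)" >&2
        rc=1
    fi

    return $rc
}

# Run only when called with the three file arguments.
if [ "$#" -eq 3 ]; then check_proxy_certs "$@"; fi
```

Call it as @check_proxy_certs signed.pem private.pem ca.pem@; a non-zero return means at least one check failed.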