Using SSL -Diff-
Wed Jan 28 16:38:49 EST 2009, glenda
Programs that use ssl (I was setting this up for tlssrv) need a certificate and a corresponding key to be able to encrypt their connections. The key is secret, and should only be stored in bootes' secstore, loaded at boot into his factotum.
1, FIRST, TO GENERATE AN SSL KEY, DO THESE STEPS AS BOOTES:
	ramfs
	cd /tmp
	auth/rsagen -t 'service=tls role=client owner=*' > key
Then from this key, we generate a certificate, which is public:
	auth/rsa2x509 'C=FR CN=*.fakedom.dom' key | auth/pemencode CERTIFICATE > /sys/lib/tls/cert
where FR is a two-letter country code, and fakedom.dom is your domain.
To get bootes' factotum file from the secstore:
	auth/secstore -g factotum
To add the ssl key to the factotum file:
	cat key >> factotum
Optionally, you can also add it to his running factotum:
	cat key >> /mnt/factotum/ctl
Then store the modified factotum file in the secstore:
	auth/secstore -p factotum
2, TO BE SURE THE KEY GETS LOADED AT BOOT TIME
you should be sure to start a factotum before the listen process is started in /rc/bin/cpurc or termrc, and that the keys do get loaded from the secstore. If you are not sure, you can check by rebooting, then, as hostowner, from the physical machine do:
	cat /mnt/factotum/ctl
This should show a key with proto=rsa service=tls role=client.
3, TO LOAD THE KEY AT BOOT FROM BOOTES' SECSTORE
With the secstore key in the nvram, you can do this.
If you are not sure bootes' secstore key is in nvram, you can make sure by doing:
	auth/wrkey
This will prompt for authid (usually bootes), authdom, secstore key and bootes' password.
Then, to load the factotum file from secstore into the running factotum, add this to /rc/bin/cpurc or termrc:
	auth/secstore -n -G factotum >> /mnt/factotum/ctl
Then, to check whether it's loaded, retry step 2.
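As an added example (not from the original page), here is an rc fragment for /rc/bin/cpurc that loads the factotum file from secstore and only starts the tcp listeners once the tls key is actually present in the running factotum, so a failed secstore fetch does not leave tlssrv without a key. The `aux/listen -q tcp` line is an assumption about how your cpurc starts listeners; adjust it to match yours.

```rc
#!/bin/rc
# Added example, not part of the original wiki page.
# Assumes: hostowner is bootes, factotum is already running, bootes'
# secstore key is in nvram (see auth/wrkey), and the secstore file is
# called `factotum' as in the steps above.

# Load every key in the secstore file into the running factotum.
# -n uses the secstore key from nvram, -G writes the file to stdout.
auth/secstore -n -G factotum >> /mnt/factotum/ctl

# Reading /mnt/factotum/ctl lists one key per line with secret
# attributes replaced by `?', so grepping it exposes nothing.
# Look for the key generated with rsagen -t 'service=tls role=client';
# the chained greps tolerate any attribute order.
if(grep proto=rsa /mnt/factotum/ctl | grep service=tls | grep -s role=client){
	# Key is present: safe to start the services that call tlssrv.
	aux/listen -q tcp
}
if not{
	echo 'cpurc: no proto=rsa service=tls key in factotum, tcp listeners not started' >[1=2]
}
```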