For information on editing, see the description of Plan 9 wiki syntax.
Programs that use ssl (i was setting this up for tlssrv) need a certificate and a corresponding key to be able to encrypt their connections. The key is secret, and should only be stored in bootes' secstore, loaded at boot into his factotum. 1, FIRST, TO GENERATE AN SSL KEY, DO THESE STEPS AS BOOTES: ! ramfs ! cd /tmp ! auth/rsagen -t 'service=tls role=client owner=*' > key Then from this key, we generate a certificate, that's public: ! auth/rsa2x509 'C=FR CN=*.fakedom.dom' key | auth/pemencode CERTIFICATE > /sys/lib/tls/cert Where FR is a two-digit country code, and fakedom.dom is your domain. ! auth/secstore -g factotum To get bootes' factotum file from the secstore ! cat key >> factotum To add the ssl key to the factotum, optionally, you can also add it to his running factotum: ! cat key >> /mnt/factotum/ctl Then store the modified factotum file in the secstore: ! auth/secstore -p factotum 2, TO BE SURE THE KEY GETS LOADED AT BOOT TIME you should be sure to start a factotum before the listen process is started in /rc/bin/cpurc ot termrc, and that the keys do get loaded from the secstore. If you are not sure, you can check by rebooting, then, as hostowner, from the phisical machine do: ! cat /mnt/factotum/ctl Should show a key with proto=rsa service=tls role=client. 3, TO LOAD THE KEY AT BOOT FROM BOOTES' SECSTORE with the secstore key in the nvram, you can do this: If you are not sure bootes' secstore key is in nvram, you can make sure by doing ! auth/wrkey This will prompt for authid (usually bootes), authdom, secstore key and bootes' password. Then, to load the factotum file from secstore to the running factotum, add this to /rc/bin/cpurc or termrc: ! auth/secstore -n -G factotum >> /mnt/factotum/ctl Then, to check whether it's loaded retry step 2.
