Let’s prepare the cert needed by ntopng: cat /root/certs/hobbes.key /root/certs/hobbes.crt /root/certs/CA.pem > /usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem You should delete the ntopng-cert.pem test file and the README or move them to a different folder: rm /usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem rm /usr/share/ntopng/httpdocs/ssl/README Using to help us, we know that we should store the cert in the folder /usr/share/ntopng/httpdocs/ssl and it should be named as ntopng-cert.pem. You should import the CA.pem as a CA Authority in your browser to avoid SSL warnings. Subject=/C=ES/ST=Palencia/L=Palencia/O=ArtemIT CA Private Key Openssl x509 -req -sha256 -in /root/certs/hobbes.csr -CA /root/certs/CA.pem -CAkey /root/certs/CA.key -CAcreateserial -out /root/certs/hobbes.crt -days 3650 Organizational Unit Name (eg, section) :Įmail Address enter the following 'extra' attributes
Openssl req -new -sha256 -key /root/certs/hobbes.key -days 3650 -out /root/certs/hobbes.csr Organizational Unit Name (eg, section) :n40labĬommon Name (eg, your name or your server's hostname) :Įmail Address genrsa -out /root/certs/hobbes.key 2048 Organization Name (eg, company) :ArtemIT Labs State or Province Name (full name) :Palencia If you enter '.', the field will be left blank. There are quite a few fields but you can leave some blankįor some fields there will be a default value, What you are about to enter is what is called a Distinguished Name or a DN. You are about to be asked to enter information that will be incorporated into your certificate request. Openssl req -x509 -new -nodes -sha256 -extensions v3_ca -key /root/certs/CA.key -days 3650 -out /root/certs/CA.pem Generating RSA private key, 2048 bit long modulus mkdir /root/certs openssl genrsa -out /root/certs/CA.key 2048
NTOPNG CERTIFICATE PASSWORD
I’ll set no challenge password for the SSL certificate.
Now we’re going to create our own Certification Authority and generate an SSL certificate for my test server:.
NTOPNG CERTIFICATE INSTALL
Once again, let’s be sure that you’ve openssl and openssl-devel yum install openssl openssl-devel If openssl-devel is not installed you may have problems starting the SSL server. If you don’t want to generate your own certificate and use the test certificate offered by ntopng (/usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem) be sure you have openssl and openssl-devel and then jump to the second part: yum install openssl openssl-devel This post is divided in two parts and it assumes that ntop is already installed. Today we’re going to add SSL to our NTOP installation.
0 kommentar(er)
