Page History
How to To use SSL with the Solaris agent:
- Install Stunnel on Solaris.
- Install the agent on Solaris.
- Run the command to see the executed script:
Code Block language sql inetadm -l /network/uptimeagent/tcp | fgrep exec
- Run the command to update the executed script for the agent:
Code Block language sql inetadm -m /network/uptimeagent/tcp exec="/usr/sbin/stunnel /usr/local/etc/stunnel/uptimeagent.conf"
where/usr/sbin/stunnel
is the path to the stunnel executable and/usr/local/etc/stunnel/uptimeagent.conf
is the path to the uptimeagent.conf built for stunnel to use. - Run the command to see that the executed script has been changed:
Code Block language sql inetadm -l /network/uptimeagent/tcp | fgrep exec
- Create the certificate that will be used by Stunnel. For example:
Code Block language sql openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem
The following is a sample stunnel.cnf for the openssl program:
...
serverCode Block language sql #
Wiki Markup create RSA certs - Server RANDFILE = stunnel.rnd \[ req \] \\ default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type \\ \[ req_dn \] \\ countryName = Country Name (2 letter code) countryName_default = PL countryName_min = 2 countryName_max= 2stateOrProvinceName stateOrProvinceName_default = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Some-StatelocalityNameState localityName = Locality Name (eg, city) 0.organizationName 0.organizationName_default = Organization Name (eg, company) 0.organizationName_default = Stunnel Developers LtdorganizationalUnitNameLtd organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = 0.commonName 0.commonName_default = Common Name (FQDN of your server) 0.commonName_default = localhost#localhost # To create a certificate for more than one name uncomment: # 1.commonName = DNS alias of your server # 2.commonName = DNS alias of your
Wiki Markup server # ... # See [http://home.netscape.com/eng/security/ssl_2.0_certificate.html|http://home.netscape.com/eng/security/ssl_2.0_certificate.html] # to see how Netscape understands commonName. \[ cert_type \] nsCertType = server \\ \\
- Copy
stunnel.pem
to<stunnel install directory>/uptimeagent.pem
. - Create the uptimeagent.conf with the following lines in the stunnel install directory:
Code Block language sql cert=/etc/stunnel/uptimeagent.pem exec=/opt/uptime-agent/bin/uptimeagent