Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

How to To use SSL with the Solaris agent:

  1. Install Stunnel on Solaris.
  2. Install the agent on Solaris.
  3. Run the command to see the executed script:
    Code Block
    languagesql
    inetadm -l /network/uptimeagent/tcp | fgrep exec
  4. Run the command to update the executed script for the agent:
    Code Block
    languagesql
    inetadm -m /network/uptimeagent/tcp exec="/usr/sbin/stunnel /usr/local/etc/stunnel/uptimeagent.conf"

    where /usr/sbin/stunnel is the path to the stunnel executable and /usr/local/etc/stunnel/uptimeagent.conf is the path to the uptimeagent.conf built for stunnel to use.
  5. Run the command to see that the executed script has been changed:
    Code Block
    languagesql
    inetadm -l /network/uptimeagent/tcp | fgrep exec
  6. Create the certificate that will be used by Stunnel. For example:
    Code Block
    languagesql
    openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem 

    The following is a sample stunnel.cnf for the openssl program:

...


  1. Code Block
    languagesql
    # 
    Wiki Markup
    create RSA certs - Server 
    RANDFILE = stunnel.rnd
    \[ req \]
    \\
    default_bits = 1024 
    encrypt_key = yes 
    distinguished_name = req_dn 
    x509_extensions = cert_type
    \\
    \[ req_dn \]
    \\
    countryName              = Country Name (2 letter code) 
    countryName_default      = PL  
    countryName_min          = 2
    countryName_max= 2stateOrProvinceName stateOrProvinceName_default          = 2
    
    stateOrProvinceName              = State or Province Name (full name)
    stateOrProvinceName_default      = Some-StatelocalityNameState
    
    localityName             = Locality Name (eg, city)
    
    0.organizationName 0.organizationName_default              = Organization Name (eg, company)
    0.organizationName_default      = Stunnel Developers LtdorganizationalUnitNameLtd
    
    organizationalUnitName          = Organizational Unit Name (eg, section)
     #organizationalUnitName_default =
    
    0.commonName 0.commonName_default            = Common Name (FQDN of your server)
    0.commonName_default     = localhost#localhost
    
    # To create a certificate for more than one name uncomment: 
    # 1.commonName          = DNS alias of your server
    # 2.commonName          = DNS alias of your
    server
    Wiki Markup
     server
    # ... # See [http://home.netscape.com/eng/security/ssl_2.0_certificate.html|http://home.netscape.com/eng/security/ssl_2.0_certificate.html] 
    # to see how Netscape understands commonName.
    
    \[ cert_type \] 
    nsCertType = server
    \\
    \\
  2. Copy stunnel.pem to <stunnel install directory>/uptimeagent.pem.
  3. Create the uptimeagent.conf with the following lines in the stunnel install directory:
    Code Block
    languagesql
    cert=/etc/stunnel/uptimeagent.pem 
    exec=/opt/uptime-agent/bin/uptimeagent