Let’s prepare the cert needed by ntopng: cat /root/certs/hobbes.key /root/certs/hobbes.crt /root/certs/CA.pem > /usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem ![]() You should delete the ntopng-cert.pem test file and the README or move them to a different folder: rm /usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem rm /usr/share/ntopng/httpdocs/ssl/README Using to help us, we know that we should store the cert in the folder /usr/share/ntopng/httpdocs/ssl and it should be named as ntopng-cert.pem. You should import the CA.pem as a CA Authority in your browser to avoid SSL warnings. Subject=/C=ES/ST=Palencia/L=Palencia/O=ArtemIT CA Private Key ![]() Openssl x509 -req -sha256 -in /root/certs/hobbes.csr -CA /root/certs/CA.pem -CAkey /root/certs/CA.key -CAcreateserial -out /root/certs/hobbes.crt -days 3650 Organizational Unit Name (eg, section) :Įmail Address enter the following 'extra' attributes Openssl req -new -sha256 -key /root/certs/hobbes.key -days 3650 -out /root/certs/hobbes.csr Organizational Unit Name (eg, section) :n40labĬommon Name (eg, your name or your server's hostname) :Įmail Address genrsa -out /root/certs/hobbes.key 2048 Organization Name (eg, company) :ArtemIT Labs State or Province Name (full name) :Palencia If you enter '.', the field will be left blank. There are quite a few fields but you can leave some blankįor some fields there will be a default value, What you are about to enter is what is called a Distinguished Name or a DN. You are about to be asked to enter information that will be incorporated into your certificate request. Openssl req -x509 -new -nodes -sha256 -extensions v3_ca -key /root/certs/CA.key -days 3650 -out /root/certs/CA.pem Generating RSA private key, 2048 bit long modulus mkdir /root/certs openssl genrsa -out /root/certs/CA.key 2048 I’ll set no challenge password for the SSL certificate. Now we’re going to create our own Certification Authority and generate an SSL certificate for my test server:. Once again, let’s be sure that you’ve openssl and openssl-devel yum install openssl openssl-devel If openssl-devel is not installed you may have problems starting the SSL server. If you don’t want to generate your own certificate and use the test certificate offered by ntopng (/usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem) be sure you have openssl and openssl-devel and then jump to the second part: yum install openssl openssl-devel This post is divided in two parts and it assumes that ntop is already installed. ![]() Today we’re going to add SSL to our NTOP installation.
0 Comments
Leave a Reply. |