Tripp Lite 93-2879 User Manual

_____________________________________________________________________

B096-016 B096-048 and B092-016 User Manual

Page 190

http://www.openssl.org/docs/apps/openssl.html

http://www.openssl.org/docs/HOWTO/certificates.txt

15.8 HTTPS

The Management Console can be served using HTTPS by running the webserver via sslwrap.
The server can be launched on request using inetd.

The HTTP server provided is a slightly modified version of the fnord-httpd from

http://www.fefe.de/fnord/

The SSL implementation is provided by the sslwrap application compiled with OpenSSL support.
More detailed documentation can be found at

http://www.rickk.com/sslwrap/

If your default network address is changed or the unit is to be accessed via a known Domain
Name, you can use the following steps to replace the default SSL Certificate and Private Key
with ones tailored for your new address.

1. Generating an encryption key

To create a 1024 bit RSA key with a password, issue the following command on the command
line of a Linux host with the openssl utility installed:

openssl genrsa -des3 -out ssl_key.pem 1024


2. Generating a self-signed certificate with OpenSSL

This example shows how to use OpenSSL to create a self-signed certificate. OpenSSL is available
for most Linux distributions via the default package management mechanism. (Windows users
can check

http://www.openssl.org/related/binaries.html

)

To create a 1024 bit RSA key and a self-signed certificate, send the following openssl command
from the host you have openssl installed on:

openssl req -x509 -nodes -days 1000 \

-newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem