Open sslOpenssl, enables encrypted communication between client and server, . For ecflow this can be used for user commands.
To enable this, please ensure you build ecflow with '-DENABLE_SSL'. You will need to ensure that open ssl is installed on your system.
In order to use sslopenssl, we need set up some certificates. (These will self signed certificates).
...
Ecflow client expects the following files in : $HOME/.eflowrc/ssl:
- server.crt ( this must be the same as server)
The following steps, show you how to create these files.:
Generate a password protected private key, will request a pass phrase. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text
Code Block title Password protected private key openssl genrsa -des3 -out server.key 1024
Remove password requirement
Code Block cp server.key server.key.secure openssl rsa -in server.key.secure -out server.key
Sign certificate with private key (self signed certificate). This file must be accessible by the client and server.
Code Block openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Generate dhparam file. ecflow expects 1024 key.
Code Block openssl dhparam -out dh1024.pem 1024
...