...
To enable this, please ensure you build ecflow with '-DENABLE_SSL'. You will need to ensure that open ssl is installed on your system. To check that you have openssl enabled.
| Code Block | ||
|---|---|---|
| ||
ecflow_client --version # look for a string openssl ecflow_server --version # look for a string openssl |
...
Generate a password protected private key. This will request a pass phrase.
This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text
Code Block title Password protected private key openssl genrsa -des3 -out server.key 1024
If you want additional security you can embed the pass phrase in a file, called 'server.passwd'.
Or you can choose to remove password requirement. In this case we don't need server.passwd file.
Code Block title remove password requirement cp server.key server.key.secure openssl rsa -in server.key.secure -out server.key
Sign certificate with private key (self signed certificate). Generate Certificate Signing Request(CSR). This file
This will prompt with a number of questions. However please ensure 'common name' matches the host where your server is going to run.
Code Block title Generate Certificate Signing Request(CSR) openssl req -new -key server.key -out server.csr- generate certificate CRT, by using the CSR and private key.
theCode Block title Sign the certificate. server.crt must be accessible by
.client and server code
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Generate dhparam file. ecflow expects 1024 key.
Code Block openssl dhparam -out dh1024.pem 1024
...