Openssl, enables encrypted communication between client and server. For ecflow this can be used for user commands.
To enable this, please ensure you build ecflow with '-DENABLE_SSL'. You will need to ensure that open ssl is installed on your system.
In order to use openssl, we need set up some certificates. (These will self signed certificates).
The ecflow client and server, will look for the certificates in $HOME/.eflowrc/ssl directory.
Ecflow server expects the following files in : $HOME/.eflowrc/ssl
- dh1024.pem
- server.crt
- server.key
Ecflow client expects the following files in : $HOME/.eflowrc/ssl
- server.crt ( this must be the same as server)
The following steps, show you how to create these files:
Generate a password protected private key, will request a pass phrase. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text
Password protected private keyopenssl genrsa -des3 -out server.key 1024
Remove password requirement
cp server.key server.key.secure openssl rsa -in server.key.secure -out server.key
Sign certificate with private key (self signed certificate). This file must be accessible by the client and server.
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Generate dhparam file. ecflow expects 1024 key.
openssl dhparam -out dh1024.pem 1024