ecFlow's documentation is now on readthedocs!

Please go to https://ecflow.readthedocs.io/en/latest/index.html

  • Created by Unknown User (ma0), last modified on Oct 27, 2016

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Open ssl, enables encrypted communication between client and server, for user commands.

To enable this, please ensure you build ecflow with '-DENABLE_SSL'

In order to use ssl, we need set up some certificates. ( These will self signed certificates).

The ecflow client and server, will look for the certificates in  $HOME/.eflowrc/ssl directory.

Ecflow server expects the following files in : $HOME/.eflowrc/ssl

  • dh1024.pem
  • server.crt
  • server.key

Ecflow client expects the following files in : $HOME/.eflowrc/ssl:

  • server.crt ( this must be the same as server)

The following steps, show you how to create these files.

  • Generate a password protected private key, will request a pass phrase. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text

    Password protected private key
    openssl genrsa -des3 -out server.key 1024

  • Remove password requirement

    cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key

  • Sign certificate with private key (self signed certificate). This file must be accessible by the client and server.

    openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

  • Generate dhparam file. ecflow expects 1024 key.

    openssl dhparam -out dh1024.pem 1024

 

  • No labels