Chapter 15: Advanced Configuration

To create a 1024-bit RSA key and a self-signed certificate, issue the following openssl command from the host you have openssl installed on:

openssl req -x509 -nodes -days 1000 \
  -newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem

You will be prompted to enter a lot of information. Most of it doesn’t matter, but the "Common Name" should be the domain name of your computer (for example, test.blackbox.com). When you have entered everything, the certificate will be created in a file called ssl_cert.pem.


We recommend that you use an SCP (Secure Copying Protocol) client to copy files securely to the console server unit. The scp utility is distributed with OpenSSH for most Unix distributions, while Windows users can use something like the PSCP command line utility available with PuTTY.

You can remotely install the files created in the steps above with the scp utility as follows:

scp ssl_key.pem root@<address of unit>:/etc/config/
scp ssl_cert.pem root@<address of unit>:/etc/config/

or using PSCP:

pscp -scp ssl_key.pem root@<address of unit>:/etc/config/
pscp -scp ssl_cert.pem root@<address of unit>:/etc/config/

PuTTY and the PSCP utility can be downloaded from:        

More detailed documentation on the PSCP can be found:     


Note that the easiest way to enable the HTTPS server is from the web Management Console. Simply click the appropriate checkbox in Network -> Services -> HTTPS Server and the HTTPS server will be activated (assuming the ssl_key.pem & ssl_cert.pem files exist in the /etc/config directory).

Alternatively, inetd can be configured to launch the secure fnord server from the command line of the unit as follows.

Edit the inetd configuration file. From the unit command line:

vi /etc/config/inetd.conf

Append a line:

443 stream tcp nowait root sslwrap -cert /etc/config/ssl_cert.pem -key /etc/config/ssl_key.pem -exec /bin/httpd /home/httpd

Save the file and signal inetd of the configuration change.

kill -HUP `cat /var/run/inetd.pid`

The HTTPS server should be accessible from a web client at a URL similar to this: https://<common name of unit>
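A check of the inetd entry and the files it references, to run before signalling inetd. This is an added example, not part of the original manual. The function name check_https_inetd and its optional ROOT prefix are assumptions of the example, and the key-permission test is an added hardening check:

```shell
#!/bin/sh
# Added example (not from the manual): check the HTTPS entry in inetd.conf
# before sending SIGHUP to inetd.
# Usage: check_https_inetd CONF [ROOT]
#   ROOT is an assumption of this example: a prefix for the -cert/-key paths,
#   so a staged copy of /etc/config can be checked off the unit.
check_https_inetd() {
    conf=$1; root=${2:-}; bad=0
    if [ ! -r "$conf" ]; then echo "cannot read $conf"; return 1; fi
    # Active entries whose service field is 443 (commented lines do not match).
    count=$(awk '$1 == "443" { n++ } END { print n + 0 }' "$conf")
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one 443 entry, found $count"; return 1
    fi
    entry=$(awk '$1 == "443"' "$conf")
    # No field of this entry should contain a double quote.
    case $entry in
        *\"*) echo "entry contains a stray double quote"; bad=1 ;;
    esac
    set -f; set -- $entry; set +f      # split into fields without globbing
    if [ "$2 $3 $4 $5 $6" != "stream tcp nowait root sslwrap" ]; then
        echo "fields 2-6 differ from: stream tcp nowait root sslwrap"; bad=1
    fi
    # Pick up the arguments that follow -cert and -key.
    cert=; key=; prev=
    for arg in "$@"; do
        case $prev in
            -cert) cert=$arg ;;
            -key)  key=$arg ;;
        esac
        prev=$arg
    done
    for f in "$cert" "$key"; do
        if [ -z "$f" ]; then
            echo "missing -cert or -key argument"; bad=1
        elif [ ! -s "$root$f" ]; then
            echo "file missing or empty: $root$f"; bad=1
        fi
    done
    # Added hardening check: the private key should be readable by its owner only.
    if [ -n "$key" ] && [ -f "$root$key" ] &&
       [ -n "$(find "$root$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "private key is group- or world-readable: $root$key"; bad=1
    fi
    return "$bad"
}
```

On the unit, call check_https_inetd /etc/config/inetd.conf after editing the file; it prints one line per problem and returns non-zero if any were found.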

More detailed documentation about the openssl utility can be found at the website:   


The console server supports a growing list of remote power-control devices (RPCs) that you can configure using the Management Console. These RPCs are controlled using the open source PowerMan and Network UPS Tools and with Black Box’s pmpower utility.


PowerMan provides power management in a data center or compute cluster environment. It performs operations such as power on, power off, and power cycle via remote power controller (RPC) devices.

Synopsis

powerman [-option] [targets]
pm [-option] [targets]

724-746-5500 blackbox.com
