The ecFlow server expects the following files in $HOME/.ecflowrc/ssl:

  • dh2048.pem
  • server.crt
  • server.key
  • server.passwd (optional): if this exists, it must contain the passphrase used to create server.key.


  • Generate a password-protected private key. This will request a passphrase.

    This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in PEM format so that it is readable as ASCII text.

    Password protected private key:

        openssl genrsa -des3 -out server.key 1024

  • If you want additional security, create a file called 'server.passwd' and add the passphrase to the file. Then set the file permissions so that the file is only readable by the server process.

    Alternatively, you can choose to remove the password requirement. In that case, the server.passwd file is not needed.

    Remove password requirement:

        # server.key.secure is an arbitrary name for the copy of the encrypted key
        cp server.key server.key.secure
        openssl rsa -in server.key.secure -out server.key

  • Sign a certificate with the private key (self-signed certificate). First, generate a Certificate Signing Request (CSR).

    This will prompt a number of questions. However, please ensure the 'common name' matches the host where your server is going to run.

    Generate Certificate Signing Request (CSR):

        openssl req -new -key server.key -out server.csr

  • Generate a self-signed certificate (CRT) using the CSR and private key.

    Sign the certificate. server.crt must be accessible by client and server:

        openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

  • Generate the dhparam file. ecFlow expects a 2048 key.

        openssl dhparam -out dh2048.pem 2048
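
A check to run once the steps above are complete, as an added example that is not part of the ecFlow documentation: it confirms the expected files are present, that server.key and server.passwd are not accessible to group or other users, and that server.crt matches server.key. The function names are hypothetical, and the DH parameter file is assumed to be named dh2048.pem.

```shell
#!/bin/sh
# Added example: audit an ecFlow SSL directory (default $HOME/.ecflowrc/ssl).
# Function names are hypothetical; dh2048.pem is the assumed DH parameter file name.

# Succeeds only if the file exists and grants no group/other permission bits.
is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per problem and returns the number of problems found.
check_ssl_dir() {
    dir=${1:-$HOME/.ecflowrc/ssl}
    problems=0
    for f in dh2048.pem server.crt server.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f"; problems=$((problems + 1))
        fi
    done
    # The private key and the optional passphrase file must stay owner-only.
    for f in server.key server.passwd; do
        if [ -f "$dir/$f" ] && ! is_private "$dir/$f"; then
            echo "too permissive: $dir/$f (use chmod 600)"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Succeeds if server.crt carries the public key that belongs to server.key.
# Requires openssl; server.passwd, when present, supplies the passphrase.
key_matches_cert() {
    dir=${1:-$HOME/.ecflowrc/ssl}
    if [ -f "$dir/server.passwd" ]; then
        key_pub=$(openssl pkey -in "$dir/server.key" -pubout -passin "file:$dir/server.passwd")
    else
        key_pub=$(openssl pkey -in "$dir/server.key" -pubout)
    fi || return 1
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}
```

Source the file as the account that runs the server, then call `check_ssl_dir && key_matches_cert`; a non-zero status means the directory needs attention before the server is started.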