ecFlow's documentation is now on readthedocs!

Please go to https://ecflow.readthedocs.io/en/latest/index.html

  • Created by Unknown User (ma0), last modified on Oct 27, 2016

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Openssl, enables encrypted communication between client and server. For ecflow this can be used for user commands.

To enable this, please ensure you build ecflow with '-DENABLE_SSL'. You will need to ensure that open ssl is installed on your system.

In order to use openssl, we need set up some certificates. (These will self signed certificates).

The ecflow client and server, will look for the certificates in  $HOME/.eflowrc/ssl directory.

Ecflow server expects the following files in : $HOME/.eflowrc/ssl

  • dh1024.pem
  • server.crt
  • server.key

Ecflow client expects the following files in : $HOME/.eflowrc/ssl

  • server.crt ( this must be the same as server)

The following steps, show you how to create these files:

  • Generate a password protected private key, will request a pass phrase. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text

    Password protected private key
    openssl genrsa -des3 -out server.key 1024

  • Remove password requirement

    cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key

  • Sign certificate with private key (self signed certificate). This file must be accessible by the client and server.

    openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

  • Generate dhparam file. ecflow expects 1024 key.

    openssl dhparam -out dh1024.pem 1024

 

  • No labels