Login | Register
My pages Projects Community openCollabNet
Project highlights: Stable Version: 1.6.1, Development Version: 1.7.6

SSL Configuration

The most critical part of Current's configuration is creating the SSL key file and certificate file which will be used to encrypt communications between the clients and the Current server. To do this, first issue a cinstall create_certificate command after installing Current. This will create several files in /etc/current, among them RHNS-CA-CERT, server.key, and server.crt.

The server.key and server.crt must be copied to the /etc/httpd/conf/ssl.key and /etc/httpd/conf/ssl.crt directories, respectively. If you name these files differently then the entries concerning these files in ssl.conf must be edited. The ssl.conf is part of the mod_ssl package and is normally located at /etc/httpd/conf.d/ssl.conf.

Warning

This procedure will affect the SSL setup for your entire Apache server, not just for Current.

If you already have an existing SSL configuration working with your Apache server, you can use that configuration to generate a CA-CERT file for use with Current. Simply copy the server.crt file from the /etc/httpd/conf/ssl.crt directory to your current working directory and issue the following two commands:

# openssl x509 -noout -text -in server.crt > RHNS-CA-CERT
# cat server.crt >> RHNS-CA-CERT

The RHNS-CA-CERT must be copied to your clients prior to using Current; this will be discussed in the client section of this guide.

Also critical to operating a Current server is to issue a cinstall create_apache_config command in order to create the Apache configuration snippet mentioned above; without this configuration snippet, the Apache server will not know to invoke Current.