add ssl to CentOS-6.5


On vsm1, add SSL to CentOS-6.5. SSL helps to encrypt the password before you send packets (maybe including the packet) through the internet.

Since we already installed vsm, apache2 (httpd) is already installed.

 

Step 1: configure the yum repo source

[root@vsm1 opt]# cat /etc/yum.repos.d/total.repo
[total]
name=total
baseurl=http://10.239.82.94/total/
gpgcheck=0
enabled=1
proxy=_none_

 

Step 2:

# yum makecache

 

Step 3: install mod_ssl

# yum install mod_ssl

 

Step 4:

# copy root@jiyou-test-controller:/opt/vsmceph/source/vsm-deploy/keys to dest host.

 

Step 5:

# cd /opt/keys/
# ./exp_key                                       generate key file
# cp -rf server.key server.key.secure
# ./exp_sec                                       avoid typing password (writes server.key without a passphrase)
# ./exp_csr                                       generate request file
# ./exp_crt                                       generate certificate file

 

Step 6:

Edit /etc/httpd/conf.d/ssl.conf

SSLCertificateKeyFile /opt/keys/server.key
Listen 443
SSLEngine on
SSLCertificateFile /opt/keys/server.crt

LoadModule ssl_module modules/mod_ssl.so

 

Step 7: In the file /etc/httpd/conf/httpd.conf, find the lines with 80, then comment them out.

You can check with cat /etc/httpd/conf/httpd.conf | grep -v "#" | grep 80. Expect no output.

 

Step 8: restart httpd

# service httpd restart

Step 9: in the browser, type in "https://192.168.0.1/dashboard"

Notice https, not http.

Before the address there is a lock; click it and you will see the certificate information.
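
A stricter form of the Step 6 and Step 7 checks, to run before the restart in Step 8. This is an added example, not part of the original post; the function names and the sample files are constructed for illustration, and the directive values are the ones from Step 6.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print active Listen / NameVirtualHost / <VirtualHost> lines that bind port 80.
# Only lines starting with "#" are treated as comments, and the port must be
# exactly 80, so "Listen 8080" and "Timeout 180" are not reported.
port80_directives() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) ~ /^(listen|namevirtualhost|<virtualhost)$/ {
            for (i = 2; i <= NF; i++) {
                addr = $i; sub(/>$/, "", addr)
                if (addr ~ /^(.*:)?80$/) { print FNR ": " $0; next }
            }
        }
    ' "$1"
}

# Print each Step 6 directive that is not present as an active line in ssl.conf.
missing_ssl_directives() {
    active=$(awk '!/^[ \t]*#/ && NF { $1 = $1; print }' "$1")
    for d in "Listen 443" "SSLEngine on" \
             "SSLCertificateFile /opt/keys/server.crt" \
             "SSLCertificateKeyFile /opt/keys/server.key"; do
        printf '%s\n' "$active" | grep -qxF "$d" || printf '%s\n' "$d"
    done
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
cat > "$tmp/httpd.conf" <<'EOF'
#Listen 80
Listen 8080
Timeout 180
NameVirtualHost *:80
<VirtualHost 192.168.0.1:80>
</VirtualHost>
EOF
cat > "$tmp/ssl.conf" <<'EOF'
LoadModule ssl_module modules/mod_ssl.so
Listen 443
  SSLEngine on
SSLCertificateFile /opt/keys/server.crt
#SSLCertificateKeyFile /opt/keys/server.key
EOF

echo "Still bound to port 80:"; port80_directives "$tmp/httpd.conf"
echo "Missing from ssl.conf:";  missing_ssl_directives "$tmp/ssl.conf"
```

On the host, pass /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/ssl.conf; both functions should print nothing before httpd is restarted.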


After SSL is configured, set up plink.

Create the file sqlrabkey_443.bat with the following content:

plink.exe -N -L 443:10.239.131.212:443 jiyou@10.239.131.155 -pw zaq12wsx

The scripts referred to above:

exp_key:

#!/usr/bin/expect -f

#openssl genrsa -des3 -out server.key 1024
#Enter pass phrase for server.key:
#Verifying - Enter pass phrase for server.key:
spawn openssl genrsa -des3 -out server.key 1024

expect "Enter pass phrase for server.key:"
send "zaq12wsx\r"

expect "Verifying - Enter pass phrase for server.key:"
send "zaq12wsx\r"

expect eof


exp_crt:

#!/usr/bin/expect -f

#openssl x509 -req -days 7000 -in server.csr -signkey server.key -out server.crt
#Enter pass phrase for server.key:
#Verifying - Enter pass phrase for server.key:
spawn openssl x509 -req -days 7000 -in server.csr -signkey server.key -out server.crt

expect "Enter pass phrase for server.key:"
send "zaq12wsx\r"


expect eof


exp_csr:

#!/usr/bin/expect -f

#openssl req -new -key server.key -out server.csr

#Enter pass phrase for server.key:
#Country Name (2 letter code) [XX]:cn
#State or Province Name (full name) []:intel
#Locality Name (eg, city) [Default City]:it
#Organization Name (eg, company) [Default Company Ltd]:flex
#Organizational Unit Name (eg, section) []:cn
#Common Name (eg, your name or your server's hostname) []:intel
#Email Address []:intel@intel.com

#Please enter the following 'extra' attributes
#to be sent with your certificate request
#A challenge password []:zaq12wsx
#An optional company name []:intel

spawn openssl req -new -key server.key -out server.csr

expect "Enter pass phrase for server.key:"
send "zaq12wsx\r"

expect "Country Name*:"
send "CC\r"

expect "State or Province Name*:"
send "some\r"

expect "Locality Name*:"
send "ceph\r"

expect "Organization Name*:"
send "opensource\r"

expect "Organizational Unit Name*:"
send "storage\r"

expect "Common Name*:"
send "vsm\r"

expect "Email Address*:"
send "ceph@storage.com\r"

expect "A challenge password*:"
send "zaq12wsx\r"

expect "An optional company name*:"
send "cephsystem\r"

expect eof

exp_sec:

#!/usr/bin/expect -f

#openssl rsa -in server.key.secure  -out server.key
#Enter pass phrase for server.key.secure:
#writing RSA key

spawn openssl rsa -in server.key.secure  -out server.key

expect "Enter pass phrase for server.key.secure:"
send "zaq12wsx\r"

expect eof


