Revision 1 as of 2008-04-06 00:08:48
Revision 2 as of 2009-03-16 03:30:33

XML RPC Server Certificate and Key

To add security to your XML-RPC server, you should generate a certificate and key. This section shows a simple method to do that. You are responsible for making sure you understand what you are doing. This guide and its contributors are in no way responsible for the outcomes of following it.

Each SSL-enabled XML-RPC server (stunnel wrapper) needs to present a valid X.509 certificate to the peer, and it also needs a private key to decrypt the incoming data. The easiest way to obtain a certificate and a key is to generate them with the free openssl package.

We provide a simple script to generate the key and certificate; use it at your own risk. It uses openssl.

STEP 1

Edit /etc/cipux/cipux-cert.conf. Add your real mail address and change the data as needed.

STEP 2

Execute as root:

 mkdir -p /etc/cipux/stunnel
 chown stunnel4:stunnel4 /etc/cipux/stunnel
 chmod 700 /etc/cipux/stunnel
 /usr/sbin/cipux_mkcertkey
  • For "stunnel4", use the user and group of your cipux_rpcr (aka stunnel4) server.
  • It is recommended to use one user for cipux_rpcr alias stunnel (example user: stunnel4) and another user for cipux_rpc (example user: cipuxrpc).
  • It is not recommended to use the user or group root to run the stunnel server or the cipux_rpc server.
  • It is also not recommended to share the /etc/cipux/stunnel directory, because it contains a private key for the stunnel server. See the stunnel man page for details.
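
The following check is an added example, not part of the CipUX scripts. It verifies the result of STEP 2: the directory is mode 700, belongs to the service user, and nothing inside it is accessible to group or others. The function name check_key_dir is hypothetical, and no file names produced by cipux_mkcertkey are assumed.

```shell
#!/bin/sh
# Added example (not from CipUX): audit the stunnel key directory.
# Usage, as root:  check_key_dir /etc/cipux/stunnel stunnel4
# Returns 0 when all checks pass, 1 otherwise; findings go to stdout.
check_key_dir() {
    dir=$1      # directory holding the certificate and private key
    owner=$2    # user name or numeric uid of the stunnel service account
    rc=0

    # A symlink here could redirect the key to a shared location.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is not a real directory"
        return 1
    fi

    # The directory itself must be exactly mode 700 (chmod 700 in STEP 2).
    if [ -z "$(find "$dir" -prune -perm 700)" ]; then
        echo "FAIL: $dir is not mode 700"
        rc=1
    fi

    # The directory must belong to the service user (chown in STEP 2).
    if [ -z "$(find "$dir" -prune -user "$owner")" ]; then
        echo "FAIL: $dir is not owned by $owner"
        rc=1
    fi

    # No entry may grant any permission bit to group or others.
    # Symlinks are skipped because their own mode bits carry no meaning.
    loose=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "FAIL: accessible to group or others:"
        echo "$loose"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}
```

Run it as root so that find can read the directory; a run that cannot enter the directory reports nothing for the inner check.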