Installation instructions (for REXEC versions >= 2.0)
NOTE: In the instructions below, replace /tmp/openssl with the
directory where you want to install OpenSSL.
NOTE: In the instructions below, replace /tmp/ca with your certificate
authority directory (i.e., the directory you plan to rename
demoCA to).
NOTE: In the instructions below, replace /tmp/ca/cacert.pem with the
pathname of the CA's certificate. If the certificate authority
directory you chose is shared, you can just choose cacert.pem in
that directory (e.g., /tmp/ca/cacert.pem with the default).
Otherwise, you'll need to copy the CA's certificate onto all
nodes with the specific pathname.
1. Building and installing OpenSSL
- tar xvfz openssl-0.9.5a.tar.gz
- cd openssl-0.9.5a
- ./config threads --ca-dir=/tmp/ca --prefix=/tmp/openssl --openssldir=/tmp/openssl
- --ca-dir: Certificate authority directory
- --prefix: OpenSSL include/lib/bin.
- --openssldir: OpenSSL installation directory.
- make
- make install
2. Creating a certificate authority
- Add /tmp/openssl/bin/ to your PATH
- cd /tmp
- /tmp/openssl/misc/CA.pl -newca
(Use 'Certificate Authority' for Username, use sys admin's E-Mail Address)
- mv demoCA /tmp/ca
3. Creating and installing node private keys/certificates
- openssl genrsa > svr_key.pem
- openssl req -new -key svr_key.pem -out svr_req.pem
(Use 'Cluster Node' for Username, use sys admin's E-Mail Address)
- openssl ca -in svr_req.pem -out svr_cert.pem
- cp svr_key.pem /etc/svr_key.pem (on each cluster node)
cp svr_cert.pem /etc/svr_cert.pem (on each cluster node)
chmod 700 /etc/svr_key.pem (on each cluster node)
chmod 700 /etc/svr_cert.pem (on each cluster node)
4. Creating and installing user private keys/certificates
(each user needs to do this)
- mkdir ~/.rexec
- chmod 700 ~/.rexec
- cd ~/.rexec
- openssl genrsa > cli_key.pem
- openssl req -new -key cli_key.pem -out cli_req.pem
(Use your login name for Username, use your own E-Mail Address)
- openssl ca -in cli_req.pem -out cli_cert.pem (CA does this)
(When CA returns cli_cert.pem, save it in ~/.rexec)
5. Building and installing REXEC
- tar xvfz rexec-1.4.tar.gz
- cd rexec-1.4
- ./configure --with-ca-cert=/tmp/ca/cacert.pem --with-openssl-include=/tmp/openssl/include --with-openssl-lib=/tmp/openssl/lib --prefix=/tmp/rexec
- --with-ca-cert: Certificate authority certificate.
- --with-openssl-include: OpenSSL include directory.
- --with-openssl-lib: OpenSSL lib directory.
- --prefix: REXEC installation directory.
- make
- make install
6. Starting the daemons and running applications
Last Modified: Wed Sep 6 19:35:13 PDT 2000
bnc,
PGP Public Key.