Files @ fdcbbef93262
Location: libtransport.git/documentation/configuration/server_ssl.md

Jan Kaluza
tracker update
---
layout: page
title: Spectrum 2
---

To configure SSL support for Spectrum 2 in server mode, you have to generate a server-side certificate, convert it to PKCS#12 format, and configure the path to it in the Spectrum 2 config file.

This article describes how to generate a self-signed server certificate and use it in Spectrum 2.

### Set up your own CA (Certificate Authority)

	$ openssl genrsa -des3 -out my-ca.key 2048
	$ openssl req -new -x509 -days 3650 -key my-ca.key -out my-ca.crt

### Make a key and a certificate for the server

* When prompted for "Common Name (eg, your name or your server's hostname) []:", add the hostname/JID of your transport (for example "localhost").
* When prompted for "A challenge password []:", *do not* set it.

	# 2048-bit server key, matching the CA key size used above
	$ openssl genrsa -des3 -out spectrum2-server.key 2048
	$ openssl req -new -key spectrum2-server.key -out spectrum2-server.csr
	# Sign the request with the CA, using a SHA-256 signature
	$ openssl x509 -req -in spectrum2-server.csr -out spectrum2-server.crt -sha256 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650

### Convert server key and certificate to PKCS#12 format

When generating the PKCS#12 file, *do not* set the Export password. Spectrum 2 currently doesn't parse PKCS#12 certificates that have a password.

	$ openssl pkcs12 -export -in spectrum2-server.crt -inkey spectrum2-server.key -out spectrum2-server.p12

### Set the path to the certificate in the config file

Set the path to the certificate, and configure the certificate password if you set one for the PKCS#12 file.

	[service]
	...
	cert=/etc/spectrum2/certificates/spectrum2-server.p12
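
A check worth running on the bundle before pointing `cert=` at it, written as an added example that is not part of the original Spectrum 2 documentation. `check_p12` and `make_sample` are hypothetical helper names, the 2048-bit / no-SHA-1 threshold is this example's own policy, and `make_sample` only builds a constructed throwaway CA and bundle for trying the check offline.

```shell
#!/bin/sh
# Added example; check_p12 and make_sample are names made up for it.

# check_p12 P12 CA_CRT: prints "ok" or the first failed check, returns 0 or 1.
check_p12() {
    p12=$1 ca=$2 rc=1
    tmp=$(mktemp -d) || return 1
    # 1. The bundle must open with an EMPTY export password.
    if ! openssl pkcs12 -in "$p12" -passin pass: -nokeys -clcerts -out "$tmp/crt" 2>/dev/null ||
       ! openssl pkcs12 -in "$p12" -passin pass: -nocerts -nodes -out "$tmp/key" 2>/dev/null
    then echo "fail: not readable with an empty export password"
    # 2. The certificate must chain to the CA.
    elif ! openssl verify -CAfile "$ca" "$tmp/crt" 2>/dev/null | grep -q ': OK$'
    then echo "fail: certificate is not signed by the given CA"
    # 3. The private key in the bundle must belong to the certificate.
    elif [ "$(openssl x509 -in "$tmp/crt" -noout -pubkey)" != \
           "$(openssl pkey -in "$tmp/key" -pubout)" ]
    then echo "fail: private key does not match certificate"
    # 4. Policy of this example (RSA only): at least 2048 bits, no SHA-1 signature.
    elif txt=$(openssl x509 -in "$tmp/crt" -noout -text)
         bits=$(printf '%s\n' "$txt" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
         [ "${bits:-0}" -lt 2048 ] || printf '%s\n' "$txt" | grep -q 'Signature Algorithm: sha1'
    then echo "fail: weak certificate (${bits:-?}-bit key or SHA-1 signature)"
    else echo ok; rc=0
    fi
    rm -rf "$tmp"
    return $rc
}

# make_sample DIR BITS DIGEST: constructed sample data, generated without prompts
# (unencrypted keys, CN=localhost, empty export password). Not for production use.
make_sample() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout my-ca.key -out my-ca.crt \
          -days 1 -subj "/CN=Example CA" &&
      openssl req -new -newkey "rsa:$2" -nodes -keyout s.key -out s.csr \
          -subj "/CN=localhost" &&
      openssl x509 -req -in s.csr -out s.crt "-$3" -CA my-ca.crt -CAkey my-ca.key \
          -CAcreateserial -days 1 &&
      openssl pkcs12 -export -in s.crt -inkey s.key -out s.p12 -passout pass:
    ) >/dev/null 2>&1
}
```

After sourcing the file, `check_p12 spectrum2-server.p12 my-ca.crt` checks the bundle produced by the conversion step above.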