Forum OpenACS Development: SSL Installation

Posted by Raul Rodriguez on
I have been looking for how to get SSL working in a clean installation (https://openacs.org/xowiki/ubuntu) on 10.10 Ubuntu.

Can someone help me out?

TIA

2: Re: SSL Installation (response to 1)
Posted by Dave Bauer on
Hi,

Read the config.tcl file; it should have enough comments to get you going. You can create a self-signed certificate for testing. There should be plenty of documentation to use OpenSSL to create a self-signed cert.

3: Re: SSL Installation (response to 1)
Posted by Torben Brosten on
Raul Rodriguez,

If you don't have SSL working on it yet, which version of 10.10 Ubuntu are you using, server or desktop?

I'm about to install Ubuntu locally, and will match it to help with any specific issues you might be running into.

cheers,

Torben

4: Re: SSL Installation (response to 3)
Posted by Raul Rodriguez on
Thank you for your help. I am using the desktop version. I have not been able to install openssl. It was unclear what version to use and the download site was hanging. Any help would be much appreciated!

I also missed mentioning that I actually installed dotLRN.

TIA

5: Re: SSL Installation (response to 4)
Posted by Torben Brosten on
Raul,

dotLRN uses essentially the same process as OpenACS for installing SSL. AOLserver uses two different configuration files, but they should be quite similar for SSL purposes:

/etc/openacs/openacs.sh
and
/etc/dotlrn/dotlrn.sh

I have OpenACS running on Ubuntu 10.10. I'll post notes on the SSL install once I have it working. Then we can work out any dotLRN specifics.

This may take a few tries for me; I'm used to FreeBSD.

cheers,

Torben

6: Re: SSL Installation (response to 4)
Posted by Torben Brosten on
oops.. the config.tcl file for SSL is not openacs.tcl but /etc/openacs/config.tcl
7: Re: SSL Installation (response to 1)
Posted by Torben Brosten on

First, open a terminal window and sudo to root.

Next, edit the config.tcl file. Find the ns_section ending with "nsopenssl/sslcontext/client". Revise the CertFile and KeyFile names to:

ns_param CertFile certfile2.pem
ns_param KeyFile keyfile2.pem

Save the file.

# install nsopenssl
apt-get install aolserver4-nsopenssl

## make key/cert location
cd /etc/openacs
mkdir certs
cd certs

# generate key/certificate (This is a self-signed key)
openssl rand -out random1 20000
openssl rand -out random2 20000
openssl rand -out random3 20000
openssl genrsa -rand random1:random2:random3 -out keyfile.pem 2048
openssl req -new -x509 -key keyfile.pem -out certfile.pem -days 1095

# make a copy of the key/cert pair, 1 pair per role (users,client)
cp keyfile.pem keyfile2.pem
cp certfile.pem certfile2.pem

# fix permissions
cd ../
chown -R www-data:www-data certs

##restart server

Browse to "https://localhost:8443"

Hopefully, this takes care of the issues you're facing. Please post any issues remaining.

cheers,
Torben
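
A check that can be run in the certs directory after the steps in post 7, as an added example that is not part of the original thread: it confirms the certificate matches its RSA key, that the certificate is not about to expire, and that the private key is accessible only by its owner. The function names and the script name are this example's own; the OpenSSL options used (`rsa -modulus`, `x509 -modulus`, `x509 -checkend`) are standard.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the key/cert pair made above.
# Usage: sh check_pair.sh keyfile.pem certfile.pem   (script name is hypothetical)

# Succeeds only if group and others have no access to the private key.
key_perms_ok() {
    # Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Succeeds only if the RSA key and the certificate share the same modulus.
pair_matches() {
    km=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    cm=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$km" ] && [ "$km" = "$cm" ]
}

# Succeeds if the certificate is still valid N days from now (default 30).
cert_not_expiring() {
    secs=$(( ${2:-30} * 86400 ))
    openssl x509 -checkend "$secs" -noout -in "$1" >/dev/null 2>&1
}

# Runs all checks, prints one line per problem, returns non-zero on any.
check_pair() {
    rc=0
    key_perms_ok "$1" || { echo "WARN: $1 is accessible by group/other; chmod 600 it"; rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    cert_not_expiring "$2" || { echo "WARN: $2 expires within 30 days or is unreadable"; rc=1; }
    return $rc
}

# Only act when called with a key and a certificate path.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

If the permission warning appears, running `chmod 600 keyfile.pem keyfile2.pem` after the chown leaves the keys readable only by www-data.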

8: Re: SSL Installation (response to 7)
Posted by Raul Rodriguez on
Thank you very much, that worked.

The cert directory I created on dotlrn was in:
/etc/dotlrn

Any pointers on how to get email working on the same setup?

Thank You

9: Re: SSL Installation (response to 1)
Posted by Torben Brosten on
Raul,

For setting up email on Ubuntu, see:

https://help.ubuntu.com/community/Postfix

For OpenACS email configuration, see the config.tcl file. There are also the Kernel package parameters on your local OpenACS installation at /admin/site-map/ (near bottom of page).

cheers,

Torben