- Determine if you want to use an existing certificate or generate a new one:
- To use an existing certificate, save these files on the queen, substituting the names of your existing files:
    /home/beehive/certs/sampleco.cert
    /home/beehive/certs/sampleco.pem
    /home/beehive/certs/sampleco.key
- To manually generate a new certificate, log in to the queen as beehive and ensure that the queen is using openssl version 1.0.1c by issuing:
    # openssl version
  Then issue:
    # openssl genrsa 1024 > sampleco.key
    # chmod 400 sampleco.key
    # openssl req -config /home/beehive/config/openssl.cnf -new -x509 -nodes -sha1 -days 365 -key sampleco.key > sampleco.cert
    # openssl x509 -in sampleco.cert -text > sampleco.pem
- Make the following settings on the queen. You can use http://<queen-ip-address>:2407/std/configflags to do this. You also need to configure the same settings on all the loader nodes if you want to enable SSL on the Aster Loader and Exporter tools.
- disallowPeerWithoutCertificates=false
- trustedCAFileName=/home/beehive/certs/sampleco.pem
- sslCertificatePath=/home/beehive/certs/sampleco.cert
- sslPrivateKeyPath=/home/beehive/certs/sampleco.key
- sslFileType=1 (A value of "1" means SSL_FILETYPE_PEM. A value of "2" means SSL_FILETYPE_ASN1.)
- There is no need to set the trustedCAPath parameter if you use a single root certificate for all clients.
- Ensure that secureWrites is set to false.
- Ensure that secureMuleServer is set to true.
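
Before pointing sslCertificatePath, sslPrivateKeyPath and trustedCAFileName at the three files, it helps to confirm that they belong together. The script below is an added example, not part of the product documentation: the function names `check_ssl_files` and `weak_cert_params` are hypothetical, the 2048-bit and SHA-1/MD5 thresholds are the example's own assumptions, and it handles RSA keys only.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the 2048-bit / SHA-1
# thresholds are assumptions of this example; RSA keys only.

# Reads `openssl x509 -noout -text` output on stdin, prints one line per weak
# parameter, and returns non-zero if any was found.
weak_cert_params() {
    awk '
        /Public-Key: \(/ {
            bits = $0; gsub(/[^0-9]/, "", bits)
            if (bits + 0 < 2048) { print "WEAK: " bits "-bit key"; bad = 1 }
        }
        /Signature Algorithm: (sha1|md5)/ && !seen {
            seen = 1; print "WEAK: signature uses " $3; bad = 1
        }
        END { exit bad }'
}

# Usage: check_ssl_files CERT KEY CAFILE   (returns the number of problems)
check_ssl_files() {
    cert=$1; key=$2; ca=$3; problems=0
    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "MISSING: $f"; return 1; }
    done
    # The private key must match the certificate: compare RSA moduli.
    if [ "$(openssl x509 -noout -modulus -in "$cert")" != \
         "$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)" ]; then
        echo "MISMATCH: $key does not belong to $cert"
        problems=$((problems + 1))
    fi
    # The certificate must verify against the trustedCAFileName file and be
    # within its validity period. Match on the output text because old
    # openssl releases exit 0 even when verification fails.
    openssl verify -CAfile "$ca" "$cert" 2>&1 | grep -q ': OK$' || {
        echo "UNTRUSTED: $cert does not verify against $ca"
        problems=$((problems + 1))
    }
    # The key should be readable by its owner only (the procedure uses chmod 400).
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || {
        echo "PERMS: $key is accessible to group or other"
        problems=$((problems + 1))
    }
    # Report small keys and SHA-1/MD5 signatures.
    openssl x509 -noout -text -in "$cert" | weak_cert_params ||
        problems=$((problems + 1))
    return "$problems"
}
```

Run it as `check_ssl_files /home/beehive/certs/sampleco.cert /home/beehive/certs/sampleco.key /home/beehive/certs/sampleco.pem`. A certificate generated with the `genrsa 1024` and `-sha1` commands shown above is reported under WEAK by this check.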