-
Determine if you want to use the default certificate or generate a new one:
- To use the default certificate files under the path /home/beehive/certs/ on the queen, continue to the next step.
- To manually generate a new private key and certificate, log in to the queen as beehive and ensure that the queen is using openssl version 1.0.1c or later by issuing:
# openssl version
Then issue:
# openssl genrsa 1024 > server.key # chmod 400 server.key # openssl req -config /home/beehive/config/openssl.cnf -new -x509 -nodes -sha1 -days 365 -key server.key > server.cert # openssl x509 -in server.cert -text > server.pem
-
Make the following settings on the queen. You can use http://<queen-ip-address>:2407/std/configflags. You also need to configure the same settings on all the loader nodes if you want to enable SSL on Aster Loader and Exporter tools.
- disallowPeerWithoutCertificates=false
- trustedCAFileName=/home/beehive/certs/server.pem (or alternatively, use trustedCAPath to specify multiple files).
- sslCertificatePath=/home/beehive/certs/server.cert
- sslPrivateKeyPath=/home/beehive/certs/server.key
- sslFileType=1 (A value of "1" means SSL_FILETYPE_PEM.)
- Ensure that secureWrites is set to false.
- Ensure that secureMuleServer is set to true.