-
Generate the files client.pem, client.cert, and client.key on each client machine using openssl version 1.0.1c:
openssl genrsa 1024 > client.key chmod 400 client.key openssl req -new -x509 -nodes -sha1 -days 365 -key client.key > client.cert openssl x509 -in client.cert -text > client.pem
-
Use the following command line arguments when executing ACT. For this example, we will assume the client will store the certificate as /home/jbloggs/certs/client.cert and the key as /home/jbloggs/certs/client.key:
- --enable-ssl
- --ssl-self-signed-peer
- --ssl-certificate-path /home/jbloggs/certs/client.cert
- --ssl-private-key-path /home/jbloggs/certs/client.key
-
--ssl-cert-filetype 1(A value of "1" means SSL_FILETYPE_PEM. A value of “2” means SSL_FILETYPE_ASN1.)
Or use a configuration file similar to the following:
# ACT configuration file example # Contains settings for connecting securely to a specific host and database host: 10.10.10.10 dbname: sampledb username: sampleuser # SSL settings enable-ssl: true ssl-certificate-path: /home/jbloggs/certs/client.cert ssl-private-key-path: /home/jbloggs/certs/client.key ssl-cert-filetype: 1