
HTTPS Service

2002/08/30

A certificate must be provided for HTTPS service.
See certificate if you don't have a certificate yet.

The place for keys.

Let's copy cert.pem and key.pem to /sys/lib/ssl. The access modes are:
	--r--r--r-- M 8 bootes sys 1249 Jul 29 18:42 cert.pem
	--r-------- M 8 bootes sys  887 Jul 29 18:42 key.pem
Note that /sys/lib/ssl is in the service space of CGI. Therefore we should have placed key.pem in a safer place.
My favorite place is $home/private/ssl, where $home is bootes' home.

Register key.pem to factotum

The contents of key.pem look like this:
	-----BEGIN RSA PRIVATE KEY-----
	MIICXAIBAAKBgQC3e6fc5JGqId3EB6bG5bW0n/nxm+Hl/cqZ10auwGkoUIPSGt70
	36biOH74tkKnqVmfK+IsahG+s1qRcSJzA6qW+l7yYghOu5EFRPA5tf1gj2yAUmsP
	.....
	.....
	p1bb+XDjBL3CcrWbzo7tAje7Zcl+r9q+RSOUKhJ4MP0=
	-----END RSA PRIVATE KEY-----
This format is not accepted by factotum. We must convert key.pem to a form that can be stored in factotum.
	cpu% auth/secretpem /sys/lib/ssl/key.pem > $home/private/ssl/key.pem.factotum
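
The placement advice and the conversion step above, combined into one rc script. This is an added example, not part of the original page or of the Pegasus distribution; it assumes key.pem was placed directly in $home/private/ssl, and the variable names are made up for illustration.

```rc
#!/bin/rc
# Added example: convert key.pem inside $home/private/ssl so the private
# key never has to sit in /sys/lib/ssl, which CGI programs can see.
# Assumption: key.pem is already in $home/private/ssl.
rfork e
keydir=$home/private/ssl
pem=$keydir/key.pem
fkey=$keydir/key.pem.factotum
exposed=/sys/lib/ssl/key.pem

if(! test -f $pem){
	echo missing $pem >[1=2]
	exit 'no key'
}

# Only the owner may enter the directories that hold secrets.
chmod 700 $home/private $keydir

# Create the output file owner-only before any key material is written.
rm -f $fkey
cp /dev/null $fkey
chmod 600 $fkey

# Same conversion as on the page, reading from the private directory.
if(! auth/secretpem $pem > $fkey){
	rm -f $fkey
	echo conversion of $pem failed >[1=2]
	exit 'convert failed'
}

# Both forms of the key become read-only for the owner.
chmod 400 $pem $fkey

# A copy left in the CGI-visible directory defeats the move.
if(test -e $exposed)
	echo warning: $exposed still exists, remove it >[1=2]
```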

Invoking Pegasus

Become user web and execute
	auth/factotum
	cp $home/private/ssl/key.pem.factotum /mnt/factotum/ctl
	/usr/local/bin/386/httpd -us -p443 -c/sys/lib/ssl/cert.pem
to invoke httpd of pegasus for https service.

To become user web, do:

	cp $home/private/web.factotum /mnt/factotum/ctl
	auth/login web
where the contents of web.factotum is like this:
	key dom=aichi-u.ac.jp proto=p9sk1 user=web !password=xxxxx
If we use `mon', which is included in the Pegasus distribution, the process becomes simpler:
	cp $home/private/web.factotum /mnt/factotum/ctl
	p=web-passwd
	r=$home/private/ssl/key.pem.factotum
	mon -du web -p $p -r $r /usr/local/bin/386/httpd -suM -p443 -c/sys/lib/ssl/cert.pem
where web-passwd is the path to a password file that enables user bootes to become user web.
The file is created from web's password xxxxx:
	echo -n xxxxx >web-passwd

/rc/bin/cpurc

Here is mine:
	cp $home/private/web.factotum /mnt/factotum/ctl
	b=/usr/local/bin/$cputype
	c=/sys/lib/ssl/cert.pem
	p=$home/private/web-passwd
	r=$home/private/ssl/key.pem.factotum
	$b/mon -du web -p $p $b/httpd -suM
	$b/mon -du web -p $p -r $r $b/httpd -suM -p443 -c $c
Put these lines into your /rc/bin/cpurc and modify them if necessary.

Now running

The Pegasus HTTPS service has been running since 30 August 2002. Try:
https://plan9.aichi-u.ac.jp