/rc/bin/cpurc
2002/08/30
Certificate must be provided for https service.
Look certificateif you don't have certificate yet.
/sys/lib/ssl
. The access mode is:--r--r--r-- M 8 bootes sys 1249 Jul 29 18:42 cert.pem --r-------- M 8 bootes sys 887 Jul 29 18:42 key.pemNote that
/sys/lib/ssl
is in the service space of CGI. Therefore we should have placed key.pem to more safe place.$home/private/ssl
, where $home
is bootes home.
-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQC3e6fc5JGqId3EB6bG5bW0n/nxm+Hl/cqZ10auwGkoUIPSGt70 36biOH74tkKnqVmfK+IsahG+s1qRcSJzA6qW+l7yYghOu5EFRPA5tf1gj2yAUmsP ..... ..... p1bb+XDjBL3CcrWbzo7tAje7Zcl+r9q+RSOUKhJ4MP0= -----END RSA PRIVATE KEY-----This format is not accepted by factotum. We must convert
pey.pem
to store factotum.cpu% auth/secretpem /sys/lib/ssl/key.pem > $home/private/ssl/key.pem.factotum
web
and executeauth/factotum cp $home/private/ssl/key.pem.factotum /mnt/factotum/ctl /usr/local/bin/386/httpd -us -p443 -c/sys/lib/ssl/cert.pemto invoke httpd of pegasus for https service.
To become web you will do:
cp $home/private/web.factotum /mnt/factotum/ctl auth/login webwhere the contents of
web.factotum
is like this:key dom=aichi-u.ac.jp proto=p9sk1 user=web !password=xxxxxIf we use `mon' that is included in Pegasus distribution, the process become simpler one:
cp $home/private/web.factotum /mnt/factotum/ctl p=web-passwd r=$home/private/ssl/key.pem.factotum mon -du web -p $p -r $r /usr/local/bin/386/httpd -suM -p443 -c/sys/lib/ssl/cert.pemwhere
web-passwd
is a path to password file that enables user bootes
to become user web
.echo -n xxxxx >web-passwd
/rc/bin/cpurc
cp $home/private/web.factotum /mnt/factotum/ctl b=/usr/local/bin/$cputype c=/sys/lib/ssl/cert.pem p=$home/private/web-passwd r=$home/private/ssl/key.pem.factotum $b/mon -du web -p $p $b/httpd -suM $b/mon -du web -p $p -r $r $b/httpd -suM -p443 -c $cPut these lines to your
/rc/bin/cpurc
and modify if necessary.
https://plan9.aichi-u.ac.jp