Check out in the previous section the names of the certificates and the keys on each side. You are explained step by step how to configure both software agents as well as the Tentacle server for safe communication, using the Tentacle Proxy server too. Tentacle proxy safe configuration use case Safe transfer with client certificate and additional authentication with password: Safe transfer, with no client certificate:Įxtra client parameters ( TENTACLE_EXT_OPTS ): A simplified syntax is used just for learning purposes: In previous sections, the different combinations are explained in detail in this section we add options such as password, Tentacle Proxy server and the use of TENTACLE_EXT_OPTS Check in the previous section the names of the certificates and the keys on each side. To use Tentacle safe options, please verify the package perl(IO::Socket:: SSL) is installed on your system. x password -e tentacle_client_cert -k tentacle_client_keyĬertificate configuration in Tentacle server accepting any certificate in client x password -e tentacle_cert -k tentacle_key -f ca_cert Secure transfer with client certificate and additional password authentication: e tentacle_client_cert -k tentacle_client_key e tentacle_cert -k tentacle_key -f ca_certĮxtra parameters in the client ( TENTACLE_EXT_OPTS ): Secure transfer with customer certificate Secure transfer, without client certificate: Simple transfer with password-based authentication:Įxtra parameter in the server for password:Įxtra parameter in the client for password ( TENTACLE_EXT_OPTS ): A simplified syntax is used for didactic purposes only: Also review in this earlier section the certificate names and keys on each side. In the previous sections the various combinations are explained in detail in this section the password options, Tentacle Proxy server and the use of TENTACLE_EXT_OPTS para fijar configuraciones. To use Tentacle's secure options, please verify that the package perl(IO::Socket:: SSL) is installed on your system. You are the sole responsible for said root key. That way it may be created again with your own writing and reading permissions. $ openssl ca -out tentaclecert.pem -in tentaclenew.pemīear on mind that if the random load file presents some inconvenient, you may delete it with root user rights: sudo rm ~/.rnd. $ cat tentaclereq.pem tentaclekey.pem> tentaclenew.pem Sign the certificate request, setting in addition a consecutive serial as a control and aduting system: $ openssl req -new -keyout tentaclekey.pem -out tentaclereq.pem -days 360 $ openssl req -new -x509 -keyout cakey.pem -out cacert.pemįill in the requested fields for the certificate and remember them because you will need them again later on, exactly the same ones. The following step is make a self-signed CA certificate and move it to the created directories: Remember to set in place, for safety reasons, writing and reading permissions of the different users in your system in the recently created folders. the server is located at the address 192.168.1.1 and the client private key is not protected by pasword. Predefined values for all options will also be shown in the help section.įor all of the following examples. (To use this option, 'Authen::Libwrap' should be installed.) g port Proxy requests to the given port. b ip_address Proxy requests to the given address. V Be verbose on hard way (display errors and other info). S (install|uninstall|run) Manage the win32 service. r number Number of retries for network opertions (default 3). p port Port to listen on (default 41121). m size Maximum file size in bytes (default 2000000b). I Enable insecure operations (file listing and moving). F config_file Configuration file full path. f ca_cert Verify that the peer certificate is signed by a ca. c number Maximum number of simultaneous connections (default 10). (Multiple addresses separated by comma can be defined.) a ip_addresses IP addresses to listen on (default 0,0.0.0.0). Usage: /usr/local/bin/tentacle_server -s y proxy Proxy server string (user: :port). w Prompt for OpenSSL private key password. t time Time-out for network operations in seconds (default 1s). r number Number of retries for network operations (default 3). f ca Verify that the peer certificate is signed by a ca. c Enable SSL without a client certificate. a address Server address (default 127.0.0.1). To see the available options, execute -h parameter, both in the client and server version:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |