HTTPS Service

2002/08/30

A certificate must be provided for HTTPS service.
Let's assume we have recompiled our kernel to reflect the new factotum, and that we have cert.pem and key.pem.
See path for factotum if you have not recompiled your kernel yet,
and see certificate if you don't have a certificate yet.

The place for keys.

Let's copy cert.pem and key.pem to /sys/lib/tls. The access mode is:
	--r--r--r-- M 8 bootes sys 1249 Jul 29 18:42 cert.pem
	--r-------- M 8 bootes sys  887 Jul 29 18:42 key.pem
Note that /sys/lib/tls is in the service space of CGI. Therefore we should have placed key.pem in a safer place.
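
A small check for the point above, as an added example that is not part of the original page or of the Pegasus distribution: it parses Plan 9 `ls -l` lines such as the two shown and flags a private key that is readable beyond its owner, writable, or stored in a directory visible to CGI. The function name, the list of key file names and the list of CGI-visible directories are assumptions supplied by the caller.

```python
import re

# Plan 9 `ls -l` line: 11-character mode (file type, exclusive-access flag,
# then rwx for owner, group, others), device type, device instance, owner,
# group, size, three date fields, file name.
LS_LINE = re.compile(
    r"^\s*(?P<mode>[-da][-l][-rwx]{9})\s+\S+\s+\d+\s+(?P<owner>\S+)\s+"
    r"(?P<group>\S+)\s+\d+\s+\S+\s+\d+\s+\S+\s+(?P<name>.+)$"
)

def audit_key_files(listing, directory, cgi_visible_dirs, key_names=("key.pem",)):
    """Return (file, problem) pairs for private keys listed in `directory`.

    key_names and cgi_visible_dirs are assumptions supplied by the caller.
    """
    findings = []
    exposed = any(
        directory == d or directory.startswith(d.rstrip("/") + "/")
        for d in cgi_visible_dirs
    )
    for line in listing.splitlines():
        m = LS_LINE.match(line)
        if not m or m["name"] not in key_names:
            continue
        perms = m["mode"][2:]          # drop type and exclusive-access flags
        if "r" in perms[3:]:           # group or others can read the key
            findings.append((m["name"], "readable beyond owner"))
        if "w" in perms:
            findings.append((m["name"], "writable"))
        if exposed:
            findings.append((m["name"], "in a directory visible to CGI"))
    return findings

# The two listing lines shown on this page.
PAGE_LISTING = """\
--r--r--r-- M 8 bootes sys 1249 Jul 29 18:42 cert.pem
--r-------- M 8 bootes sys  887 Jul 29 18:42 key.pem
"""
# Constructed line: the same key with cert.pem's world-readable mode.
LOOSE_LISTING = "--r--r--r-- M 8 bootes sys  887 Jul 29 18:42 key.pem\n"

if __name__ == "__main__":
    for where in ("/sys/lib/tls", "/usr/bootes/private"):
        print(where, audit_key_files(PAGE_LISTING, where, ["/sys/lib/tls"]))
    print(audit_key_files(LOOSE_LISTING, "/usr/bootes/private", ["/sys/lib/tls"]))
```
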

Register key.pem to factotum

The contents of key.pem look like this:
	-----BEGIN RSA PRIVATE KEY-----
	MIICXAIBAAKBgQC3e6fc5JGqId3EB6bG5bW0n/nxm+Hl/cqZ10auwGkoUIPSGt70
	36biOH74tkKnqVmfK+IsahG+s1qRcSJzA6qW+l7yYghOu5EFRPA5tf1gj2yAUmsP
	.....
	.....
	p1bb+XDjBL3CcrWbzo7tAje7Zcl+r9q+RSOUKhJ4MP0=
	-----END RSA PRIVATE KEY-----
This format is not accepted by factotum. We must convert key.pem before storing it in factotum.
	cpu% auth/secretpem /sys/lib/tls/key.pem > /mnt/factotum/ctl

Invoking Pegasus

Become user web and run
	/usr/local/bin/386/httpd -us -p443 -c/sys/lib/tls/cert.pem
to invoke the Pegasus httpd for HTTPS service.
If we use `mon', which is included in the Pegasus distribution, the process becomes simpler:
	mon -du web -p passwordfile /usr/local/bin/386/httpd -suM -p443 -c/sys/lib/tls/cert.pem
where passwordfile is the path to a password file that enables user bootes to become user web.

/rc/bin/cpurc

Here is mine:
	auth/secretpem /usr/bootes/private/key.pem > /mnt/factotum/ctl
	a=/usr/local/bin/$cputype
	c=/sys/lib/tls/cert.pem
	p=/usr/web/lib/passwd
	$a/mon -du web -p $p $a/httpd -suM
	$a/mon -du web -p $p $a/httpd -suM -p443 -c $c
Put these lines in your /rc/bin/cpurc and modify them if necessary.
I don't have a consistent idea of where to store secret keys.
It is best to have a single place for these keys.

Now running

Pegasus HTTPS service has been running since 30 August 2002. Try:

	https://plan9.aichi-u.ac.jp