HTTPS Service
Table of contents
- 1.0.0 The place for keys.
- 2.0.0 Register key.pem to factotum
- 3.0.0 Invoking Pegasus
- 4.0.0 /rc/bin/cpurc
- 5.0.0 Now running
A certificate must be provided for the HTTPS service. See "certificate" if you don't have a certificate yet.
The place for keys.
Let's copy cert.pem and key.pem to /sys/lib/ssl. The access mode is:

    --r--r--r-- M 8 bootes sys 1249 Jul 29 18:42 cert.pem
    --r-------- M 8 bootes sys 887 Jul 29 18:42 key.pem

Note that /sys/lib/ssl is in the service space of CGI. Therefore we should have placed key.pem in a safer place. My favorite place is $home/private/ssl, where $home is the home directory of bootes.
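
Added example (not part of the original page or the Pegasus distribution): a Python check that reads Plan 9 ls -l output such as the listing above and reports secret files that carry any group or other permission bit, or that sit in a directory visible to CGI. The set of secret file names (taken from the file names used on this page), the path /usr/bootes/private/ssl and the second listing are assumptions made for illustration.

```python
# Added example: audit Plan 9 `ls -l` output for exposed secret files.
# SECRET_NAMES and CGI_VISIBLE_DIRS are assumptions based on this page's setup.
SECRET_NAMES = {"key.pem", "key.pem.factotum", "web-passwd", "web.factotum"}
CGI_VISIBLE_DIRS = {"/sys/lib/ssl"}  # the page says this is in the CGI service space


def parse_line(line):
    """Return (mode, name) for one Plan 9 `ls -l` line, or None if malformed."""
    # Fields: mode, device type, device number, owner, group, length,
    # month, day, time-or-year, name.
    fields = line.strip().split(None, 9)
    if len(fields) != 10 or len(fields[0]) != 11:
        return None
    return fields[0], fields[9]


def audit(listing, directory):
    """Return sorted (name, finding) pairs for secret files listed in `directory`."""
    findings = []
    for line in listing.strip().splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        mode, name = parsed
        if name not in SECRET_NAMES:
            continue
        # mode is 2 flag characters followed by rwx for owner, group, other.
        if mode[5:8] != "---" or mode[8:11] != "---":
            findings.append((name, "group-or-other-access"))
        if directory.rstrip("/") in CGI_VISIBLE_DIRS:
            findings.append((name, "cgi-visible-directory"))
    return sorted(findings)


# The listing shown on this page (directory /sys/lib/ssl).
PAGE_LISTING = """
--r--r--r-- M 8 bootes sys 1249 Jul 29 18:42 cert.pem
--r-------- M 8 bootes sys 887 Jul 29 18:42 key.pem
"""

# Constructed listing with a deliberately loose mode (not from the page).
CONSTRUCTED_LISTING = """
--rw-r--r-- M 8 bootes bootes 1102 Jul 29 18:50 key.pem.factotum
"""

if __name__ == "__main__":
    for item in audit(PAGE_LISTING, "/sys/lib/ssl"):
        print(*item)
    for item in audit(CONSTRUCTED_LISTING, "/usr/bootes/private/ssl"):
        print(*item)
```
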
Register key.pem to factotum
The contents of key.pem look like this:

    -----BEGIN RSA PRIVATE KEY-----
    MIICXAIBAAKBgQC3e6fc5JGqId3EB6bG5bW0n/nxm+Hl/cqZ10auwGkoUIPSGt70
    36biOH74tkKnqVmfK+IsahG+s1qRcSJzA6qW+l7yYghOu5EFRPA5tf1gj2yAUmsP
    .....
    .....
    p1bb+XDjBL3CcrWbzo7tAje7Zcl+r9q+RSOUKhJ4MP0=
    -----END RSA PRIVATE KEY-----

This format is not accepted by factotum. We must convert key.pem into a form that can be stored in factotum.

    cpu% auth/secretpem /sys/lib/ssl/key.pem > $home/private/ssl/key.pem.factotum
Invoking Pegasus
Become user web and execute

    auth/factotum
    cp $home/private/ssl/key.pem.factotum /mnt/factotum/ctl
    /usr/local/bin/386/httpd -us -p443 -c/sys/lib/ssl/cert.pem

to invoke the Pegasus httpd for the HTTPS service.
To become web, do:

    cp $home/private/web.factotum /mnt/factotum/ctl
    auth/login web

where the contents of web.factotum look like this:

    key dom=aichi-u.ac.jp proto=p9sk1 user=web !password=xxxxx

If we use mon, which is included in the Pegasus distribution, the process becomes simpler:

    cp $home/private/web.factotum /mnt/factotum/ctl
    p=web-passwd
    r=$home/private/ssl/key.pem.factotum
    mon -du web -p $p -r $r /usr/local/bin/386/httpd -suM -p443 -c/sys/lib/ssl/cert.pem

where web-passwd is the path to a password file that enables user bootes to become user web. The file is created from web's password xxxxx:

    echo -n xxxxx >web-passwd
/rc/bin/cpurc
Here is mine:

    cp $home/private/web.factotum /mnt/factotum/ctl
    b=/usr/local/bin/$cputype
    c=/sys/lib/ssl/cert.pem
    p=$home/private/web-passwd
    r=$home/private/ssl/key.pem.factotum
    $b/mon -du web -p $p $b/httpd -suM
    $b/mon -du web -p $p -r $r $b/httpd -suM -p443 -c $c

Put these lines in your /rc/bin/cpurc and modify them if necessary.
Now running
The Pegasus HTTPS service has been running since 30 August 2002. Try: https://plan9.aichi-u.ac.jp