SSL Configuration
When you use CP+ remotely, your browser exchanges your login data with the server. If this
data is passed without encryption, it can be intercepted by attackers with access to the
networks along the route. This document explains how to encrypt CP+ network traffic with SSL.
To install SSL, follow these steps:
- Download the OpenSSL library
OpenSSL is a C library that provides the underlying SSL functions used
by CP+ and many other programs. It is available in RPM format and as a
.tar.gz file. When installing from the RPM, you may also need the
development RPM in order to compile Net::SSLeay.
Most Linux and BSD distributions now come with OpenSSL RPMs that are
installed as standard or available on the CD. If your distribution has openssl
and possibly openssl-devel packages, use them instead.
- Install the OpenSSL library
If you are installing from the RPM, run the commands:
rpm -i openssl-0.x.y.rpm
rpm -i openssl-devel-0.x.y.rpm
If installing from the source, you will need to compile and install it with the commands:
tar xvzf openssl-0.x.y.tar.gz
cd openssl-0.x.y
./Configure (or ./config in new OpenSSL versions)
make
make install
- Download the Net::SSLeay Perl module
Net::SSLeay is a module that allows Perl scripts to call the functions
in the OpenSSL library. It is available in .tar.gz format from
the CP+ site or from the CPAN Perl module archive.
Alternatively, you can use the Perl Modules module in CP+ to download
and install Net::SSLeay from CPAN. If this works OK, the next step can be skipped.
Some Linux distributions come with an RPM package containing this Perl module,
often named perl-Net-SSLeay. If one is available, install it instead of
compiling the module manually. You may also be able to find a suitable package
at rpmfind.net if your distribution doesn't include one. However, be
aware that any Perl module in RPM format must have been built for the
same version of Perl that you are running, or it won't work.
- Install the Net::SSLeay module
To install the module, use the commands:
tar xvzf Net_SSLeay.pm-x.yy.tar.gz
cd Net_SSLeay.pm-x.yy
perl Makefile.PL
make install
If you have installed OpenSSL from the RPM, you may need to run perl
Makefile.PL /usr in order to find the OpenSSL library properly.
- Test the SSL install
If the command perl -e 'use Net::SSLeay' doesn't output any
error message, then the SSL support that CP+ needs is properly
installed.
- If CP+ is not installed yet, install it
If you install SSL support first, the CP+ setup.sh script will ask
whether you want to enable SSL when it is run. Just enter y.
The RPM version of CP+ will always automatically use SSL mode if
possible.
- If CP+ is already installed, turn on SSL
In the CP+ Configuration module (under the Server Management category)
an icon for SSL Encryption should appear. Click on it, and
change the SSL option from Disabled to Enabled.
Warning: If you enable SSL support in CP+,
make sure to enable SSL support in your browser (such as Netscape and IE).
If not, you won't be able to access the CP+ server. If there is a firewall
or a proxy between your local machine and the CP+ server, check that it allows
SSL requests to pass through as well.
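
The check from the "Test the SSL install" step, extended into a preflight script as an added example (it is not part of the CP+ documentation or code). Beyond the page's test, it also compares the OpenSSL version Net::SSLeay is linked against with the openssl command, which catches a module built against a different OpenSSL install; the PERL_BIN and OPENSSL_BIN variables and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for the SSL prerequisites (not CP+ code).
# PERL_BIN / OPENSSL_BIN and the exit codes are this example's own conventions:
#   0 = ready, 1 = Net::SSLeay does not load, 2 = Perl not found,
#   3 = module loads but is linked against a different OpenSSL than the CLI.

ssl_preflight() {
    perl_bin="${PERL_BIN:-perl}"
    openssl_bin="${OPENSSL_BIN:-openssl}"

    if ! command -v "$perl_bin" >/dev/null 2>&1; then
        echo "FAIL: $perl_bin not found"
        return 2
    fi

    # Same test as in the document: a silent load means the module works.
    if ! "$perl_bin" -e 'use Net::SSLeay' >/dev/null 2>&1; then
        echo "FAIL: Net::SSLeay does not load under $perl_bin"
        return 1
    fi

    # Ask the module which OpenSSL it was built against (second field is the version).
    linked=$("$perl_bin" -MNet::SSLeay \
        -e 'print Net::SSLeay::SSLeay_version(0), "\n"' 2>/dev/null | awk '{print $2}')
    echo "OK: Net::SSLeay loads, linked against OpenSSL ${linked:-unknown}"

    # Compare with the openssl command, if one is installed.
    if command -v "$openssl_bin" >/dev/null 2>&1; then
        cli=$("$openssl_bin" version 2>/dev/null | awk '{print $2}')
        if [ -n "$linked" ] && [ -n "$cli" ] && [ "$linked" != "$cli" ]; then
            echo "WARN: openssl command is $cli but Net::SSLeay is linked against $linked"
            return 3
        fi
    fi
    return 0
}

# Run the check; the || keeps a failing status from aborting a calling script.
ssl_preflight || echo "preflight exit status: $?"
```

Exit status 3 usually means two OpenSSL installs are present (for example an RPM copy and a source build), which is the situation the perl Makefile.PL /usr hint above addresses.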