SSL configuration
Enabling and disabling SSL support in Scrutinizer is done within the interactive scrut_util shell. It only works with the local Apache Server bundled with Scrutinizer.
Important
Scrutinizer AMIs come with a self-signed certificate. Disable SSL prior to creating a new certificate request.
To open the interactive scrut_util, use the following command:
/home/plixer/scrutinizer/bin/scrut_util
The Scrutinizer prompt will then display:
SCRUTINIZER>
Enabling SSL
To enable SSL, at the Scrutinizer prompt, enter:
SCRUTINIZER> set ssl on
Warning
This command will alter Scrutinizer’s operations. Please use with caution.
Scrutinizer will then prompt for the following mandatory fields:
Enter the secure tcp port to be used. ex: 443
Enter the two-letter abbreviation for the desired country. ex: US
Enter the state/province of the organization. ex: Maine
Enter the city of the organization. ex: Kennebunk
Enter the name of the organization. ex: Plixer
Enter the contact email address. ex: name@company.com
Enter the server name or IP of the Scrutinizer server.
ex: 1.2.3.4 or scrutinizer.company.com
Enter the key encryption size. [2048|4096] ex: 2048
Name Field | Explanation |
---|---|
Country Name | The two-letter ISO abbreviation for the desired country example: US = United States |
State / Province | The state/province where the organization is located. Do not abbreviate. example: Maine |
City / Locality | The city where the organization is located. example: Kennebunk |
Organization | The exact legal name of the organization. Do not abbreviate. example: Plixer |
Email Address | The email address for the CA (who to contact) example: someone@your.domain |
Common Name | URL to attach to the certificate example: 10.1.1.10 or scrutinizer.company.com |
Key Size | 2048, 4096 example: 2048 |
Note
The optional argument ‘ecc’ can be used to generate a 256-bit elliptic curve public/private key pair.
Creating a signed certificate
Important
Scrutinizer AMIs come with a self-signed certificate. To create a new certificate request, disable SSL using the interactive scrut_util set ssl off command.
- Enable SSL by running set ssl on as described above.
- Send the /etc/pki/tls/private/ca.csr file to the Certificate Authority (CA) and ask them to sign it and return it Base64 encoded, not DER encoded.
- When the signed SSL certificate is received, stop the Apache service within interactive scrut_util:
SCRUTINIZER> services httpd stop
- Replace the active SSL certificate with the new one and rename the file to /etc/pki/tls/certs/ca.crt
- Start the Apache service:
SCRUTINIZER> services httpd start
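Before stopping httpd and replacing /etc/pki/tls/certs/ca.crt, the file returned by the CA can be checked against the request that was sent. The following is an added example, not part of the Scrutinizer documentation or Plixer tooling; it assumes the openssl command-line tool is available on the server, and check_signed_cert is a hypothetical helper name.

```bash
# Added example, not Plixer tooling: check_signed_cert is a hypothetical helper.
# Usage: check_signed_cert SIGNED_CERT [CSR]
# CSR defaults to the request path named in the procedure above.
check_signed_cert() {
    local cert="${1:-}" csr="${2:-/etc/pki/tls/private/ca.csr}"
    local csr_key cert_key
    if [ ! -r "$cert" ] || [ ! -r "$csr" ]; then
        echo "usage: check_signed_cert SIGNED_CERT [CSR]" >&2
        return 2
    fi

    # 1. Encoding: the file must be Base64 (PEM) text, not binary DER.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
        if openssl x509 -inform DER -in "$cert" -noout 2>/dev/null; then
            echo "FAIL: $cert is DER encoded; request Base64 output from the CA" >&2
            return 3
        fi
        echo "FAIL: $cert is not a parseable certificate" >&2
        return 4
    fi

    # 2. Key match: the certificate must carry the public key from the CSR,
    #    otherwise it will not pair with the private key behind that request.
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 4
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    if [ -z "$csr_key" ] || [ "$csr_key" != "$cert_key" ]; then
        echo "FAIL: certificate public key does not match $csr" >&2
        return 5
    fi

    # 3. Validity: refuse a certificate that has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: $cert has expired" >&2
        return 6
    fi

    # Show what is about to be installed so subject and dates can be reviewed.
    openssl x509 -in "$cert" -noout -subject -issuer -dates
    echo "OK: $cert is PEM, matches $csr, and is not expired"
}
```

A non-zero return means the file should not be copied to /etc/pki/tls/certs/ca.crt; return code 3 is the DER case the procedure warns about, and 5 means the CA signed a different request.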