Configuring SSL in Scrutinizer
Enabling and disabling SSL support in Scrutinizer is done within the interactive scrut_util shell. It only works with the local Apache Server bundled with Scrutinizer.
Important
Scrutinizer AMIs come with a self-signed certificate. Disable SSL prior to creating a new certificate request.
To open the interactive scrut_util, use the following command:
/home/plixer/scrutinizer/bin/scrut_util
The Scrutinizer prompt will then display:
SCRUTINIZER>
Enabling SSL
To enable SSL, at the Scrutinizer prompt, enter:
SCRUTINIZER> set ssl on
Warning
This command will alter Scrutinizer’s operations. Please use with caution.
Scrutinizer will then issue the following prompts for these mandatory fields:
Enter the secure tcp port to be used. ex: 443
Enter the two-letter abbreviation for the desired country. ex: US
Enter the state/province of the organization. ex: Maine
Enter the city of the organization. ex: Kennebunk
Enter the name of the organization. ex: Plixer
Enter the contact email address. ex: name@company.com
Enter the server name or IP of the Scrutinizer server.
ex: 1.2.3.4 or scrutinizer.company.com
Enter the key encryption size. [2048|4096] ex: 2048
| Name Field | Explanation |
|---|---|
| Country Name | The two-letter ISO abbreviation for the desired country. Example: US = United States |
| State / Province | The state/province where the organization is located. Do not abbreviate. Example: Maine |
| City / Locality | The city where the organization is located. Example: Kennebunk |
| Organization | The exact legal name of the organization. Do not abbreviate. Example: Plixer |
| Email Address | The email address for the CA (who to contact). Example: someone@your.domain |
| Common Name | URL to attach to the certificate. Example: 10.1.1.10 or scrutinizer.company.com |
| Key Size | 2048, 4096. Example: 2048 |
Note
The optional argument ‘ecc’ can be used to generate a 256-bit elliptic curve public/private key pair.
Creating a signed certificate
Important
Scrutinizer AMIs come with a self-signed certificate. To create a new certificate request, disable SSL using the interactive scrut_util set ssl off command.
Enable SSL by running set ssl on as described above.
Send the /etc/pki/tls/private/ca.csr file to the Certificate Authority (CA) and ask them to sign it and return the certificate base 64 encoded, not DER encoded.
When the signed SSL certificate is received, stop the Apache service within the interactive scrut_util:
SCRUTINIZER> services httpd stop
Replace the active SSL certificate with the new one and rename the file to /etc/pki/tls/certs/ca.crt.
Start the Apache service:
SCRUTINIZER> services httpd start
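A check worth running before stopping Apache and replacing the certificate, as an added example that is not part of the Scrutinizer documentation or tooling: it confirms that the file returned by the CA is base 64 (PEM) rather than DER, and that it carries the same public key as /etc/pki/tls/private/ca.csr. The script name and the /tmp/signed.crt path are assumptions, and the openssl command-line tool must be installed.

```shell
#!/usr/bin/env bash
# Added example (not Plixer code). The CSR path is from the page; the name of
# the file returned by the CA (/tmp/signed.crt) is an assumption.

# Print PEM for base 64 (PEM) input, DER for binary DER, unknown otherwise.
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo PEM
    elif [ "$(head -c1 "$1" | od -An -tx1 | tr -d ' \n')" = "30" ]; then
        echo DER    # DER certificates start with an ASN.1 SEQUENCE tag (0x30)
    else
        echo unknown
    fi
}

# Succeed only if the certificate carries the public key that is in the CSR.
# Works for RSA and EC keys because it compares the encoded public keys.
cert_matches_csr() {    # $1 = certificate (PEM), $2 = CSR (PEM)
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Run both checks; return non-zero if the file should not be installed.
check_signed_cert() {   # $1 = file from the CA, $2 = CSR
    case "$(cert_format "$1")" in
        PEM) ;;
        DER) echo "FAIL: $1 is DER encoded; request base 64 from the CA"; return 1 ;;
        *)   echo "FAIL: $1 is not a certificate"; return 1 ;;
    esac
    if ! cert_matches_csr "$1" "$2"; then
        echo "FAIL: public key in $1 does not match $2"
        return 1
    fi
    echo "OK: $1 is base 64 (PEM) and matches $2"
    # Show who the certificate is for, who signed it, and when it expires.
    openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# Usage: ./check_cert.sh /tmp/signed.crt /etc/pki/tls/private/ca.csr
if [ "$#" -eq 2 ]; then
    check_signed_cert "$1" "$2"
fi
```

A mismatch usually means the CA signed an older request or the CSR was regenerated after submission; in either case Apache would fail to start with the replaced file.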
Disabling SSL
To disable SSL, at the Scrutinizer prompt, enter:
SCRUTINIZER> set ssl off