Configuring SSL in Scrutinizer
Enabling and disabling SSL support in Scrutinizer is done within the interactive scrut_util.exe shell. It only works with the local Apache Server bundled with Scrutinizer.
Scrutinizer AMIs come with a self-signed certificate. Disable SSL prior to creating a new certificate request.
To open the interactive scrut_util.exe, use the following command:
The Scrutinizer prompt will then display:
To enable SSL, at the Scrutinizer prompt, enter:
SCRUTINIZER> set ssl on
This command will alter Scrutinizer’s operations. Please use with caution. Scrutinizer will then prompt for these mandatory fields:
Enter the secure tcp port to be used. ex: 443
Enter the two-letter abbreviation for the desired country. ex: US
Enter the state/province of the organization. ex: Maine
Enter the city of the organization. ex: Kennebunk
Enter the name of the organization. ex: Plixer
Enter the contact email address. ex: firstname.lastname@example.org
Enter the server name or IP of the Scrutinizer server.
ex: 126.96.36.199 or scrutinizer.company.com
Enter the key encryption size. [2048|4096] ex: 2048
- The two-letter ISO abbreviation for the desired country. Example: US = United States
- State / Province: The state/province where the organization is located. Do not abbreviate.
- City / Locality: The city where the organization is located.
- The exact legal name of the organization. Do not abbreviate.
- The email address for the CA (who to contact)
- URL to attach to the certificate. Example: 10.1.1.10 or scrutinizer.company.com
The optional argument ‘ecc’ can be used to generate a 256-bit elliptic curve public/private key pair.
Creating a signed certificate
Scrutinizer AMIs come with a self-signed certificate. To create a new certificate request, disable SSL using the interactive scrut_util set ssl off command.
- Enable SSL by running set ssl on as described above.
- Send the /etc/pki/tls/private/ca.csr file to the Certificate Authority (CA) and ask them to sign it and return it Base64 (PEM) encoded, not DER encoded.
- When the signed SSL certificate is received, stop the Apache service within the interactive scrut_util:
SCRUTINIZER> services httpd stop
- Replace the active SSL certificate with the new one, naming the file /etc/pki/tls/certs/ca.crt
- Start the Apache service:
SCRUTINIZER> services httpd start
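Before the replace step above, the file returned by the CA can be checked for the right encoding and for a public key that matches the CSR that was sent. This is an added example, not part of Scrutinizer or its documentation; it assumes openssl is installed on the server, and the function name and the returned-file path are hypothetical.

```shell
#!/bin/sh
# Added example (not Plixer code): sanity-check a CA-returned certificate
# before it replaces /etc/pki/tls/certs/ca.crt.
# Returns: 0 ok, 1 unreadable or expired, 2 DER instead of PEM, 3 wrong key.
check_signed_cert() {
    cert=$1   # file returned by the CA (path is an assumption)
    csr=$2    # request that was sent, e.g. /etc/pki/tls/private/ca.csr

    # 1. Must be Base64 (PEM) text, not binary DER.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cert"; then
        if openssl x509 -inform DER -in "$cert" -noout 2>/dev/null; then
            echo "FAIL: $cert is DER encoded. Convert it with:" >&2
            echo "  openssl x509 -inform DER -in $cert -out converted.crt" >&2
            return 2
        fi
        echo "FAIL: $cert is not a readable certificate" >&2
        return 1
    fi

    # 2. Must carry the public key from the CSR; a certificate issued for
    #    a different key will not pair with the key generated alongside it.
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot parse $cert" >&2; return 1; }
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot parse $csr" >&2; return 1; }
    if [ "$cert_key" != "$csr_key" ]; then
        echo "FAIL: certificate was not issued for this CSR's key" >&2
        return 3
    fi

    # 3. Must not already be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: $cert has expired" >&2
        return 1
    fi

    # 4. Show identity fields for a final manual check.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate
    echo "OK: $cert is PEM and matches $csr"
}

# Run the check when called as: sh check_cert.sh <cert> <csr>
if [ "$#" -eq 2 ]; then
    check_signed_cert "$1" "$2"
fi
```

Run it while httpd is still serving the old certificate, and only proceed to the stop/replace/start steps when it returns 0.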
To disable SSL, at the Scrutinizer prompt, enter:
SCRUTINIZER> set ssl off