Setting Up SSL In Linux
Clone this wiki locally
DOCS HAVE MOVED
This wiki is no longer maintained and should not be used. Read the Event Store docs at docs.geteventstore.com.
The latest version of the page you are currently viewing is available here.
Setting up SSL in linux is the same as setting up any mono httplistener in linux for SSL. Numerous examples of this can be found online. We have copy/pasted one that we tested to work out. This methodology will likely work for other systems such as openbsd as well.
###Create a key file:
$openssl genrsa -des3 -out yourdomain.pem 2048
###Optionally remove the password:
$openssl rsa -in yourdomain.pem -out yourdomain.pem.nopass
###Create the certificate signing request.
Your certificate provider should have some instructions on what goes in each fields, but generally the domain name you want to secure goes in the Common Name field:
$openssl req -new -key yourdomain.pem.nopass -out yourdomain.csr
###Register the Certificate
Once you have the cert file. For example yourdomain.crt you must register the crt using the Mono utility httpcfg. But first, you must convert your key file to the Microsoft Format .pvk or you will get this error: "error loading certificate or private key"
pvktool can be downloaded to convert it. You can find that here: http://www.drh-consultancy.demon.co.uk/pvk.html
Once you have it (either on Windows or Linux) run: pvk -in yourdomain.pem.nopass -topvk -nocrypt -out yourdomain.pvk
###Register with httpcfg
$httpcfg -add -port 443 -pvk yourdomain.pvk -cert yourdomain.crt
To see the current registrations: $httpcfg -list
Now run the Event Store on port 443.