Help

NetSUS - SSL to deliver updates?

Go to solution
iannufc
New Contributor

Posted on ‎03-09-2016 03:22 AM

Hi.

We have an SSL cert installed on our NetSUS appliance, which protects the management interface. However, we would like to deliver software updates over SSL, using the NetSUS appliance. Is this possible - I notice that when the URLs to the catalogs no longer display when you prefix them with https://

Has anyone managed to achieve this?

Thanks,

Ian

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
bofh
New Contributor III

Posted on ‎03-12-2016 04:24 AM

edit /etc/apache/sites-availabe/default

here a few lines you need to change

# Change port to 443
<VirtualHost the.machines.hostname:443>
# add this, change it to match the paths your ssl cert+priv key have, probably you will need some finetuning on ssl settings (SSLProtocol + SSLCiphers)
    SSLEngine on
    SSLCertificateFile      /etc/ssl/private/hostname.pem
    SSLCertificateKeyFile   /etc/ssl/private/hostname.key
    SSLCertificateChainFile /etc/ssl/private/certchain.crt
    SSLProtocol All -SSLv2 -SSLv3

and dont forget to set your clients to use https://the.machines.hostname/ instead of http://

And dont change the settings for the netboot "site", as netboot will only work with http / nfs.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
bofh
New Contributor III

Posted on ‎03-12-2016 04:24 AM

edit /etc/apache/sites-availabe/default

here a few lines you need to change

# Change port to 443
<VirtualHost the.machines.hostname:443>
# add this, change it to match the paths your ssl cert+priv key have, probably you will need some finetuning on ssl settings (SSLProtocol + SSLCiphers)
    SSLEngine on
    SSLCertificateFile      /etc/ssl/private/hostname.pem
    SSLCertificateKeyFile   /etc/ssl/private/hostname.key
    SSLCertificateChainFile /etc/ssl/private/certchain.crt
    SSLProtocol All -SSLv2 -SSLv3

and dont forget to set your clients to use https://the.machines.hostname/ instead of http://

And dont change the settings for the netboot "site", as netboot will only work with http / nfs.

0 Kudos

Go to solution
flyboy
Contributor

Posted on ‎03-21-2016 07:59 AM

Hey @iannufc, do you have any documentation you can share on requesting and installing the Cert on the NetSUS management interface? I've installed NetSUS on a CentOS 7 VM for use in my test lab, and I'd like to add a cert from our internal PKI. Naturally, the NetSUS docs are super light and offer no instructions on how to generate the CSR, etc.

Thanks!

0 Kudos

Go to solution
iannufc
New Contributor

Posted on ‎03-21-2016 08:05 AM

Hi Berrier, I don't have any ready as I am still drawing them up. I can probably send an excerpt of our ssl.conf and httpd.conf though, if that helps?

0 Kudos