NetSUS - SSL to deliver updates?

iannufc
New Contributor

Hi.

We have an SSL cert installed on our NetSUS appliance, which protects the management interface. However, we would like to deliver software updates over SSL, using the NetSUS appliance. Is this possible? I notice that the URLs to the catalogs no longer display when you prefix them with https://

Has anyone managed to achieve this?

Thanks,

Ian

1 ACCEPTED SOLUTION

bofh
New Contributor III

Edit /etc/apache/sites-available/default

Here are a few lines you need to change:

# Change port to 443
<VirtualHost the.machines.hostname:443>
# add this, change it to match the paths your ssl cert+priv key have, probably you will need some finetuning on ssl settings (SSLProtocol + SSLCiphers)
    SSLEngine on
    SSLCertificateFile      /etc/ssl/private/hostname.pem
    SSLCertificateKeyFile   /etc/ssl/private/hostname.key
    SSLCertificateChainFile /etc/ssl/private/certchain.crt
    SSLProtocol All -SSLv2 -SSLv3

And don't forget to set your clients to use https://the.machines.hostname/ instead of http://

And don't change the settings for the netboot "site", as netboot will only work with http / nfs.
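
The answer above says the SSL settings will probably need fine-tuning. As an added example (not part of the original post and not NetSUS code), this Python check resolves an `SSLProtocol` value to the protocol names it leaves enabled and audits the posted vhost lines. The function names, finding strings and the simplified meaning of "all" are assumptions of the example.

```python
import re

# Constructed sample: the directives from the answer, with the block closed.
SAMPLE_VHOST = """\
<VirtualHost the.machines.hostname:443>
    SSLEngine on
    SSLCertificateFile      /etc/ssl/private/hostname.pem
    SSLCertificateKeyFile   /etc/ssl/private/hostname.key
    SSLCertificateChainFile /etc/ssl/private/certchain.crt
    SSLProtocol All -SSLv2 -SSLv3
</VirtualHost>
"""
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Simplified model: "all" means every name below; real builds may offer fewer.
KNOWN = LEGACY | {"TLSv1.2", "TLSv1.3"}

def enabled_protocols(value):
    """Resolve an SSLProtocol value such as 'All -SSLv3' to a set of names."""
    enabled = set()
    for token in value.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        names = KNOWN if name == "all" else {k for k in KNOWN if k.lower() == name}
        if sign == "+":
            enabled |= names
        elif sign == "-":
            enabled -= names
        else:  # an unsigned token replaces whatever was set before it
            enabled = set(names)
    return enabled

def audit_vhost(text):
    """Return findings for one <VirtualHost> block supplied as text."""
    d = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0][0] not in "#<":
            d[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    findings = []
    port = re.search(r"<VirtualHost\s+\S+:(\d+)>", text, re.I)
    if port and port.group(1) == "443" and d.get("sslengine", "").lower() != "on":
        findings.append("port 443 vhost without 'SSLEngine on'")
    # Assumption: an absent SSLProtocol is treated as "all" (most permissive).
    weak = sorted(enabled_protocols(d.get("sslprotocol", "all")) & LEGACY)
    if weak:
        findings.append("SSLProtocol still allows: " + ", ".join(weak))
    if "sslciphersuite" not in d:
        findings.append("no SSLCipherSuite; build-default ciphers apply")
    return findings
```

On the posted lines, `audit_vhost(SAMPLE_VHOST)` reports that TLSv1 and TLSv1.1 remain enabled and that no cipher suite is set; a line such as `SSLProtocol -all +TLSv1.2` plus an explicit `SSLCipherSuite` clears both findings.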

3 REPLIES

Berrier
Contributor

Hey @iannufc, do you have any documentation you can share on requesting and installing the Cert on the NetSUS management interface? I've installed NetSUS on a CentOS 7 VM for use in my test lab, and I'd like to add a cert from our internal PKI. Naturally, the NetSUS docs are super light and offer no instructions on how to generate the CSR, etc.

Thanks!

iannufc
New Contributor

Hi Berrier, I don't have any ready as I am still drawing them up. I can probably send an excerpt of our ssl.conf and httpd.conf though, if that helps?