Ssl certificates for the RPC Servers

Beunwa's Avatar


05 Sep, 2012 11:50 AM


I'm a bit confused about how to handle and dispatch the ssl certificates for the RPC Servers and RPC clients.
I sawed that there is an autodeploy feature that as disapeared.

Can you please explain quickly where to generate certificates and where to put them ? (assuming I use the HPG on more than three computers)

Thanks in advance


  1. Support Staff 1 Posted by Tasos Laskos on 05 Sep, 2012 03:41 PM

    Tasos Laskos's Avatar

    Sure sure.
    SSL is enabled by default and certs/keys are generated automatically if none have been provided.

    Here are the server components:

    • Dispatcher
    • Instance

    Dispatchers dispatch Instances but you don't need to worry about the latter because the Dispatchers will handle their configuration -- and will pass the same cert/key pair as theirs.

    So in order to configure SSL on the server-side of Arachni (i.e. for a Dispatcher) you do:

    arachni_rpcd --ssl-pkey=path/to/server-private-key.pem --ssl-cert=path/to/server-certificate.pem --ssl-ca=path/to/certificate-authority.pem

    The Dispatcher will then pass the same SSL configuration to the Instances it will spawn.

    After that you need to pass the relevant client configuration to whatever client you're using -- I'm guessing the WebUI since you mentioned the (now removed) AutoDeploy add-on.

    So, update the arachni/conf/webui.yaml file to look like:

            enable: true
            key: path/to/client-private-key.pem
            cert: path/to/client-certificate.pem
            ca: path/to/certificate-authority.pem

    If you need some sample SSL pems to test this out you can use the ones from the specs.

    Lastly, if you want to setup multiple Dispatchers in a High Performance Grid then you'll need to pass a couple more configuration options to the Dispatchers in order to allow them to talk to other Dispatchers to perform negotiations and what not.

    These are the extra options:

    --node-ssl-pkey=path/to/client-private-key.pem --node-ssl-cert=path/to/client-certificate.pem

    Do you need me to clear anything up?

  2. 2 Posted by beunwa on 05 Sep, 2012 05:15 PM

    beunwa's Avatar

    Thanks, I think this will help me.

    I was asking that because I have error while trying to launch a dispatcher on another computer on my local network (encryption problem with event machine)

    I will try again tomorrow at work and let you know.

  3. Support Staff 3 Posted by Tasos Laskos on 05 Sep, 2012 05:16 PM

    Tasos Laskos's Avatar

    It'd help if I could see the error.

  4. 4 Posted by beunwa on 05 Sep, 2012 05:21 PM

    beunwa's Avatar

    sure, sorry but I live in france and have no access to my work computer right now, I will send it tomorrow morning

  5. 5 Posted by Beunwa on 06 Sep, 2012 02:05 PM

    Beunwa's Avatar

    Ok i fixed it.

    the message was terminate called after throwing an instance of 'std::runtime_error' what(): Encryption not available on this event-machine

    this was triggered by two version of event machine in my gem list, once I removed the older one everything is alright.

  6. Tasos Laskos closed this discussion on 06 Sep, 2012 04:03 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac