SSL certificates for the RPC Servers

Beunwa

05 Sep, 2012 11:50 AM

Hello,

I'm a bit confused about how to handle and dispatch the SSL certificates for the RPC Servers and RPC clients.
I saw that there is an autodeploy feature that has disappeared.

Can you please explain quickly where to generate certificates and where to put them? (assuming I use the HPG on more than three computers)

Thanks in advance

Ben

  1. Support Staff 1 Posted by Tasos Laskos on 05 Sep, 2012 03:41 PM

    Sure sure.
    SSL is enabled by default and certs/keys are generated automatically if none have been provided.

    Here are the server components:

    • Dispatcher
    • Instance

    Dispatchers dispatch Instances but you don't need to worry about the latter because the Dispatchers will handle their configuration -- and will pass the same cert/key pair as theirs.

    So in order to configure SSL on the server-side of Arachni (i.e. for a Dispatcher) you do:

    arachni_rpcd --ssl-pkey=path/to/server-private-key.pem --ssl-cert=path/to/server-certificate.pem --ssl-ca=path/to/certificate-authority.pem
    

    The Dispatcher will then pass the same SSL configuration to the Instances it will spawn.

    After that you need to pass the relevant client configuration to whatever client you're using -- I'm guessing the WebUI since you mentioned the (now removed) AutoDeploy add-on.

    So, update the arachni/conf/webui.yaml file to look like:

    ssl:
        server:
            enable:
            key:
            cert:
            ca:
        client:
            enable: true
            key: path/to/client-private-key.pem
            cert: path/to/client-certificate.pem
            ca: path/to/certificate-authority.pem
    

    If you need some sample SSL pems to test this out you can use the ones from the specs.

    Lastly, if you want to setup multiple Dispatchers in a High Performance Grid then you'll need to pass a couple more configuration options to the Dispatchers in order to allow them to talk to other Dispatchers to perform negotiations and what not.

    These are the extra options:

    --node-ssl-pkey=path/to/client-private-key.pem --node-ssl-cert=path/to/client-certificate.pem
    

    Do you need me to clear anything up?
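The reply above says which PEM files each option expects but not how to produce them. One way to do it with the openssl CLI, as an added example that is not part of the original post or Arachni's own tooling: a private CA signs one server pair (for `--ssl-pkey`/`--ssl-cert`) and one client pair (for `webui.yaml` and `--node-ssl-pkey`/`--node-ssl-cert`), with `certificate-authority.pem` as the `--ssl-ca`/`ca` value. The subject names, the `ca-key.pem` file name and the output directory are assumptions.

```shell
#!/bin/sh
# Added example (not Arachni code): private CA plus server and client
# certificates for the options quoted above. Subject names, ca-key.pem and
# the output directory are constructed for illustration.
set -eu

make_ca() {   # $1 = output dir
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$1/openssl.cnf"
    openssl req -x509 -config "$1/openssl.cnf" -newkey rsa:2048 -nodes \
        -days 365 -subj "/CN=Example Grid CA" \
        -keyout "$1/ca-key.pem" -out "$1/certificate-authority.pem" 2>/dev/null
    chmod 600 "$1/ca-key.pem"
}

issue() {     # $1 = dir, $2 = role (server|client), $3 = common name
    openssl req -config "$1/openssl.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$1/$2-private-key.pem" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/certificate-authority.pem" -CAkey "$1/ca-key.pem" \
        -CAcreateserial -out "$1/$2-certificate.pem" 2>/dev/null
    rm -f "$1/$2.csr"
    chmod 600 "$1/$2-private-key.pem"
}

check() {     # $1 = dir, $2 = role; succeeds only if the certificate chains
              # to the CA in that dir and matches the private key beside it
    openssl verify -CAfile "$1/certificate-authority.pem" \
        "$1/$2-certificate.pem" >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in "$1/$2-certificate.pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/$2-private-key.pem" -pubout)" ]
}

OUT=${1:-$(mktemp -d)}
make_ca "$OUT"
issue "$OUT" server "dispatcher.example.test"
issue "$OUT" client "grid-client.example.test"
check "$OUT" server && check "$OUT" client
echo "PEM files written to $OUT"
```

Only `certificate-authority.pem` needs to be copied to the Dispatcher and WebUI hosts; `ca-key.pem` is used solely for signing and can stay on the machine that issues the certificates.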

  2. 2 Posted by beunwa on 05 Sep, 2012 05:15 PM

    Thanks, I think this will help me.

    I was asking that because I have an error while trying to launch a dispatcher on another computer on my local network (encryption problem with event machine).

    I will try again tomorrow at work and let you know.

  3. Support Staff 3 Posted by Tasos Laskos on 05 Sep, 2012 05:16 PM

    It'd help if I could see the error.

  4. 4 Posted by beunwa on 05 Sep, 2012 05:21 PM

    Sure, sorry, but I live in France and have no access to my work computer right now. I will send it tomorrow morning.

  5. 5 Posted by Beunwa on 06 Sep, 2012 02:05 PM

    OK, I fixed it.

    The message was:

    terminate called after throwing an instance of 'std::runtime_error' what(): Encryption not available on this event-machine

    This was triggered by two versions of event machine in my gem list; once I removed the older one everything is alright.

  6. Tasos Laskos closed this discussion on 06 Sep, 2012 04:03 PM.
