FreezerPro SSL Keys, and YOU!
This documentation exists to walk new and experienced users of Linux how to create and place the SSL
key into a FreezerPro VM. This documentation assumes the usage of a Windows PC, a basic
understanding of virtual machines, basic understanding of loading a linux OS onto/into a virtual
machine, and the ability to utilize a monitor, a keyboard, and mouse.
Necessary Hardware and Software
1. A Windows PC (Windows 7 was used for the creation of this documentation)
2. FreezerPro (FreezerPro 7.1.5 was used for this documentation)
3. A virtual machine (VM) to host FreezerPro (VMware Player was used for the creation of this
documentation)
4. A linux machine/box (CentOS 7.2.1511 running inside VMware Player) was used for this
documentation)
It (or a more recent version) can be downloaded here: https://www.centos.org/
5. PSCP (an SCP client)
It can be downloaded here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
1
Let’s Begin!
1. Open CentOS in in the VM and type in what you see below. (We are using a VM because we are on a
Windows PC). Please note that linux commands are case sensitive.
sudo openssl genrsa –des3 –out server.key 1024
Hit the ENTER key on the keyboard.
2
2. The command prompt will ask for a sudo (Super User DO) password for the named CentOS machine
that you would have set up during the initial installation of CentOS inside the VM. In our case:
CentOS machine name = support
CentOS machine password = support
Yours will vary depending on what name and password were chosen.
3
3. Type in the password, noting that you will not see characters in the command prompt while typing it
in and hit the ENTER key on your keyboard. You should see this:
4
4. You must add a pass phrase (it is a password) for the server key. Be sure to note this phrase carefully,
because if you forget it or lose it, you will not be able to access the certificate. The password used for
this documentation was password_1. As before, you will not see characters as you type the pass phrase
into the command prompt. Hit the ENTER key on your keyboard. You should see this:
5
5. Enter the password again and you will see this:
6
6. You will then create the certificate signing request. Type in:
sudo openssl req –new –key server.key –out server.csr
Hit the ENTER key. You should see this:
7
7. Enter the pass phrase a second time. As before, you will not see characters as you type the pass
phrase into the command prompt. Hit the ENTER key on your keyboard. You should see this:
8
8. Enter the pass phrase again and you should see this:
9
9. This command will prompt the terminal to display a lists of fields that need to be filled in.
The most important line is “Common Name”. Enter the official domain name here, or if you don’t have
one, use your VM IP address. Leave the challenge password and optional company name blank. An
example of the dialog session is shown below:
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields, there will be a default value.
If you enter ‘.’, the field will be left blank.
_____
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Maryland
Locality Name (e.g., city)[]:Frederick
Organization Name (e.g., company) [Internet Widgets Lts]:Awesome Inc
Organizational Unit Name (e.g., section)[]:Department of Enlightenment
Common Name (e.g., server FQDN or YOUR name) []:example.com
Email Address []:[email protected]
10
Hit the ENTER key.
10. You should see the screen below and be asked for a challenge password. For the purpose of this
document, password_1 was used.
Hit the ENTER key.
11
11. Add the password, then hit the ENTER key:
12
12. An optional company name []: was not added. Hit the ENTER key. This brings us back to the
command prompt:
13
13. Remove the Passphrase
It would serve well to remove the passphrase. Although having the passphrase in place does provide
heightened security, there is an issue when one tries to reload the web-server. In the event that webserver crashes or needs to reboot, it would be always necessary to re-enter the passphrase to get the
server back online.
Use commands below to remove the password:
sudo cp server.key server.key.org
Type in the CentOS machine password when prompted.
sudo openssl rsa –in server.key.org -out server.key
Type in the pass phrase when prompted.
You should then see this screen:
14
14. Then, use the script below to self-sign the certificate:
sudo openssl x509 –req –days 365 –in server.csr –signkey server.key –out server.crt
Hit the ENTER key.
15. You should see this screen stating it is Getting Private Key :
15
16. This step is optional, though will allow you to see the files that have just been generated. Type ll and
hit the ENTER key to view the files that were just generated.
17. From here you must rename the file server.crt to fpssl.crt and rename the file server.key to fpssl.key.
To do this type mv server.crt fpssl.crt and hit ENTER. Then, type mv server.key fpssl.key and hit ENTER.
You will see this on the screen:
16
18. Type clear for a blank terminal screen and hit ENTER.
19. Type ll to view the files that were just renamed.
17
20. Now open up the Windows command prompt, navigate to the directory containing pscp.exe, and
type pscpe.exe. You should see this screen confirming it is on your Windows system:
18
21. To be sure CentOs has ssh installed and running (default) type in /bin/service sshd status. You should
see this screen.
19
22. If you see the previous screen, disregard this step and proceed. If you do not, please type in
/sbin/service sshd start
Type in the password (on this system it is support) to start ssh
20
23. Type ifconfig into CentOs to determine your ipv4 address. On this system, it is 192.168.2.220
21
24. Navigate back to the Windows Terminal and type in the correct path. In this case it is
pscp.exe [email protected]:/home/support/fpssl.crt C:/Users/Josh/Desktop
Explanation:
pscp.exe the CentOS machine @ its address:/the path to the file C:/where I want to file to go
22
25. You should now see the fpssl.crt file on your Windows desktop:
26. Staying in the Windows Terminal, now type in the correct path for the other file. In this case it is
pscp.exe [email protected]:/home/support/fpssl.key C:/Users/Josh/Desktop
Explanation:
pscp.exe the CentOS machine @ its address:/the path to the file C:/where I want to file to go
23
27. You should now see the fpssl.key file on your Windows desktop:
28. Navigate to the FreezerPro VM to obtain its IPv4 address. In this case it is 192.168.2.223
24
29. Navigate to More Settings in the FreezerPro VM and hit the Enter key.
25
30. Navigate to SSH server
start/stop SSH server and hit the Enter key.
26
31. Hit the Enter Key to start the SSH server.
27
32. Now that we have moved the files from the CentOs machine to the Windows machine, and started
the SSH server in the FreezerPro VM, we need to get the files into the FreezerPro VM. Still within the
Windows command prompt, type pscp.exe C:\Users\Josh\Desktop\fpssl.crt
[email protected]:/home/test/
For the purpose of testing the VM was restarted and a new IPv4 address was given. Most likely, you will
not have different IPv4 addresses when using the guide to create and upload the keys.
Click y and hit the Enter key.
28
33. You may be required to retype
pscp.exe C:\Users\Josh\Desktop\fpssl.crt [email protected]:/home/test/
then hit the Enter key.
Then enter the freezerpro VM password test_on_freezerpro
You will see this screen showing the file has been transferred:
29
34. Now we will transfer fpssl.key the same way by typing
pscp.exe C:\Users\Josh\Desktop\fpssl.key [email protected]:/home/test/
then hit the Enter key.
Then enter the freezerpro VM password test_on_freezerpro
You will see this screen showing the file has been transferred:
30
35. To make sure the files have been transferred, go into the FreezerPro Linux VM and type ll
We can see that both fpssl.crt and fpssl.key are in the FreezerPro Linux VM.
31
36. In the FreezerPro VM hold Ctrl and Alt and hit the F1 key to come back to the FreezerPro Linux VM
front end:
32
37. Navigate to More Settings and hit the Enter key to see this screen:
33
38. Then Navigate to SSL Settings and hit the Enter key to see this screen:
Enter this information:
Host: The IPv4 address of your FreezerPro Linux VM instance.
Port: 22
Login: test
Password: test_on_freezerpro
Path: /home/test
Then navigate to Test Connection and hit the Enter button.
34
39. You should see this screen stating that the Connection Succeeded:
Hit the Enter key to return to the previous screen.
35
40. Navigate to OK, and hit the Enter Key:
36
41. The FreezerPro Linux VM should flash to the backend quickly and then return to the welcome screen
showing https instead of http:
37
42. Now, when pointing your browser at the VM you will see https instead of http. You are using SSL!
Please note that should you decide to purchase and use a 3rd party certificate signed by a Certificate
Authority (CA) the same process can be used to move the certificate and the key from a Linux machine
to a Windows machine and into FreezerPro.
38