https://vistapedia.com/index.php?action=history&feed=atom&title=M_Web_Server%2FEnabling_TLSM Web Server/Enabling TLS - Revision history2026-05-05T16:09:33ZRevision history for this page on the wikiMediaWiki 1.43.0https://vistapedia.com/index.php?title=M_Web_Server/Enabling_TLS&diff=17458&oldid=prevDavidWhitten: Created page with "<pre> Here's how to turn on TLS on GT.M/YDB: There is precious little documentation on doing it: 1. As root, go to the install dir of GTM/YDB, then plugin, then gtmcrypt: c..."2018-05-07T12:24:56Z<p>Created page with "<pre> Here's how to turn on TLS on GT.M/YDB: There is precious little documentation on doing it: 1. As root, go to the install dir of GTM/YDB, then plugin, then gtmcrypt: c..."</p>
<p><b>New page</b></p><div><pre><br />
Here's how to turn on TLS on GT.M/YDB: There is precious little documentation on doing it:<br />
<br />
1. As root, go to the install dir of GTM/YDB, then plugin, then gtmcrypt:<br />
cd $gtm_dist/plugin/gtmcrypt.<br />
<br />
2. Extract source.tar:<br />
tar x < source.tar<br />
<br />
3. You will need to compile some files. Before doing that, make sure<br />
you openssl-dev, libconfig-dev, and gpgme-dev libraries are installed.<br />
<br />
You may need more, but that's what I figured out right now.<br />
<br />
4. login to root account, (to allow installing of libraries)<br />
<br />
5. define the gtm_dist environment variable then call simple make<br />
gtm_dist=../.. make<br />
6. define the gtm_dist environment variable then call make install to enable installation of libraries<br />
<br />
gtm_dist=../.. make install<br />
<br />
Log out of root; and go back to your application directory.<br />
<br />
mkdir certs<br />
<br />
7. Create your certificate with a key that has a password. I know from<br />
previous interaction with the GT.M developers is that they don't allow<br />
passwordless keys for business reasons. Here's is how I did it; but<br />
you may already have a certificate. I moved all the files into a cert<br />
directory after this.<br />
<br />
# openssl genrsa -aes128 -passout pass:monkey1234 -out ./mycert.key 2048<br />
# openssl req -new -key ./mycert.key -passin pass:monkey1234 -subj '/C=US/ST=Washington/L=Seattle/CN=www.smh101.com' -out ./mycert.csr<br />
# openssl req -x509 -days 365 -sha256 -in ./mycert.csr -key<br />
.//mycert.key -passin pass:monkey1234 -out ./mycert.pem<br />
# mv cert* certs/<br />
<br />
8. Create a file (name doesn't matter) called<br />
gtmcrypt_config.libconfig with the following contents. Note the<br />
section called dev. This can be called anything. It lets you put a<br />
pair of cert/key for each environment you need to configure.<br />
<br />
tls: {<br />
dev: {<br />
format: "PEM";<br />
cert: "/home/sam/workspace/db/foia201712/certs/mycert.pem";<br />
key: "/home/sam/workspace/db/foia201712/certs/mycert.key";<br />
}<br />
}<br />
<br />
9. In your file that sets up the GT.M environment, add set the env<br />
variable gtmcrypt_config to be the path to your config file:<br />
export gtmcrypt_config="$vista_home/gtmcrypt_config.libconfig"<br />
<br />
10. Find out the hash of your key password using the maskpass utility.<br />
For example, for me it's:<br />
gtm_dist/plugin/gtmcrypt/maskpass <<< 'monkey1234' | cut -d ":" -f2 | tr -d ' 7064420FDCAEE313B222<br />
<br />
11. In your environment file, gtmtls_passwd_{section name} to be that hash.<br />
For me (Sam Habiel), it's:<br />
export gtmtls_passwd_dev="7064420FDCAEE313B222"<br />
<br />
12. Start the M Web server with the config name ("dev") like this:<br />
D JOB^VPRJREQ(9081,"dev")<br />
<br />
At this point, if you go to your browser and type the address:<br />
https://localhost:9081<br />
you should be able to see the web pages via TLS<br />
</pre></div>DavidWhitten