Encrypting the Control Interface
If you operate dsTest remotely without a VPN connection - when dsTest is running in AWS, for example - you can enable SSL on dsTest's Control Interface by following the instructions below. You will also need to select XML/SSL/TCP in dsClient Desktop's server definition to enable SSL on the client side. If you use dsClient Terminal to connect to a remote dsTest instance, include the -z option as well as -d.
Enabling SSL
dsTest will require SSL on its Control Interface for XML or REST messaging when the appropriately named certificate and key files are present in the /usr/local/devsol/dsTest/ssl directory when dsTest starts. devsol users have permissions necessary to manage these files.
Enable XML/SSL/TCP: requires a certificate file named control_cert.pem and a key file named control_key.pem
Enable HTTPS for the RESTful API: requires a certificate file named rest_control_cert.pem and a key file named rest_control_key.pem
We provide two self-signed certificates with associated key files - default_cert.pem/default_key.pem and default_cert2.pem/default_key2.pem. You can simple rename these files as needed or provide your own certificate and key files.
You can also generate new files if desired using OpenSSL:
openssl req -x509 -nodes -newkey rsa:1024 -keyout <key file name>.pem -out <certificate file name>.pem
Disabling SSL
Either delete or rename the applicable certificate and key files, and then start/restart dsTest.