From fa4d6817c7af8cdf47ddf400ab26b1fd06a15206 Mon Sep 17 00:00:00 2001 From: Tim Bentley Date: Mon, 31 Aug 2015 08:33:43 +0100 Subject: [PATCH] fix style and add certificate gen --- manual/source/configure.rst | 65 ++++++++++++++++++++++++++++++++++--- 1 file changed, 60 insertions(+), 5 deletions(-) diff --git a/manual/source/configure.rst b/manual/source/configure.rst index 4f033dc..5fe04a9 100644 --- a/manual/source/configure.rst +++ b/manual/source/configure.rst 
@@ -526,17 +526,72 @@ Android app. Server Settings- Secure ^^^^^^^^^^^^^^^^^^^^^^^ -These options are identical in meaning to the ones documented in non_secure_. +These options are identical in meaning to the ones documented in :ref:`non_secure`. The only difference is these require an SSL cetificate to provide the security. -Instructions for creating and installing a certificate are documented at -`Generate SSL certificate `_. +Instructions for creating and installing a certificate are documented in +Generate SSL certificate :ref:`ssl_config`. + *Changing from a Secure to Non Secure setup requires a restart of OpenLP.* User Authentication ^^^^^^^^^^^^^^^^^^^ This option allows the additional security for update functions via the web or -android interfaces. Once the userid and password have been accepted then updates -will be possible for duration of the web session. +android interfaces. Once the userid and password have been accepted then +updates will be possible for duration of the web session. This option can be +changed without the need to restart OpenLP. + +.. _ssl_config: + +Generating and Installing a Certificate +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +To make the Remote access run in a secure manner ssl certificates need to be +provided to OpenLP. This is completely optional. On Linux you will need the +"openssl" package installed. On Mac OS X openssl should be installed by default. +On Windows you will need to download OpenSSL for Windows. 
+ +First create a configuration file for OpenSSL named openlp.cnf:: + + #-------------openssl.cnf---------------- + [ req ] + default_bits = 1024 # Size of keys + default_keyfile = key.pem # name of generated keys + default_md = des3 # message digest algorithm + string_mask = nombstr # permitted characters + distinguished_name = req_distinguished_name + + [ req_distinguished_name ] + # Variable name Prompt string + 0.organizationName = Organization Name (company) + organizationalUnitName = Organizational Unit Name (department, division) + emailAddress = Email Address + emailAddress_max = 40 + localityName = Locality Name (city, district) + stateOrProvinceName = State or Province Name (full name) + countryName = Country Name (2 letter code) + countryName_min = 2 + countryName_max = 2 + commonName = Common Name (hostname, IP, or your name) + commonName_max = 64 + + #-------------------Edit this section------------------------------ + countryName_default = -- + stateOrProvinceName_default = None + localityName_default = Everywhere + 0.organizationName_default = OpenLP + organizationalUnitName_default = Remote + commonName_default = 0.0.0.0 + emailAddress_default = openlp@localhost + +Then generate your keys and certificate:: + + echo openlp | openssl genrsa -passout stdin -des3 -out openlp.key 1024 + cp openlp.key openlp.key.bak + echo openlp | openssl rsa -passin stdin -in openlp.key.bak -out openlp.key + + openssl req -new -key openlp.key -out openlp.csr -config openlp.cnf -batch + openssl x509 -req -days 365 -in openlp.csr -signkey openlp.key -out openlp.crt + +The crt and key files need to then be placed in {data}/remotes directory. Android App ^^^^^^^^^^^
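Review bot: In the new openlp.cnf block, `default_md = des3` names a cipher rather than a message digest, and both `default_bits = 1024` and the `openssl genrsa ... 1024` command produce a 1024-bit RSA key, which is below the 2048-bit minimum in current guidance; suggest `default_md = sha256` and 2048 bits in both places. In the key-generation commands, the key is encrypted with the fixed passphrase "openlp" and then immediately decrypted, so the `-des3` step adds no protection and leaves openlp.key.bak behind, guarded only by a passphrase printed in the manual. Either generate the key without a passphrase in a single command, or tell the reader to delete the .bak file and restrict permissions on openlp.key once it is in {data}/remotes. Smaller points: the prose names the file openlp.cnf while its header comment reads openssl.cnf; the "Edit this section" part should state that `commonName_default` has to be changed to the hostname or address clients connect to, since 0.0.0.0 will not match; the link line now reads "Generate SSL certificate :ref:`ssl_config`" with the old link text left in front of the reference; and "cetificate" in the unchanged context line is still misspelled.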