[Hans]

Falko,

On the Debian server i want to monitor there is ISPConfig installed.
Can i enable SSL and create a certicate via ISPConfig in stead of doing this:

Now we create the certificate like this:

Now we must create the file /var/www/www.example.com/web/monit/token and write some random string into it:

mkdir /var/www/www.example.com/web/monit
echo "hello" > /var/www/www.example.com/web/monit/token

Next we create the pem cert (/var/certs/monit.pem) we need for the SSL-encrypted monit web interface:

mkdir /var/certs
cd /var/certs

We need an OpenSSL configuration file to create our certificate. It can look like this:

vi /var/certs/monit.cnf

# create RSA certs - Server


RANDFILE = ./openssl.rnd


[ req ]

default_bits = 1024

encrypt_key = yes

distinguished_name = req_dn

x509_extensions = cert_type


[ req_dn ]

countryName = Country Name (2 letter code)

countryName_default = MO


stateOrProvinceName = State or Province Name (full name)

stateOrProvinceName_default = Monitoria


localityName = Locality Name (eg, city)

localityName_default = Monittown


organizationName = Organization Name (eg, company)

organizationName_default = Monit Inc.


organizationalUnitName = Organizational Unit Name (eg, section)

organizationalUnitName_default = Dept. of Monitoring Technologies


commonName = Common Name (FQDN of your server)

commonName_default = server.monit.mo


emailAddress = Email Address

emailAddress_default = root@monit.mo


[ cert_type ]

nsCertType = server

Now we create the certificate like this:

openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem
openssl gendh 512 >> /var/certs/monit.pem
openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem
chmod 700 /var/certs/monit.pem


---
Hans