Monday, April 18, 2011

How to Generate a SSL certificate for OpenERP

To connect via xml-rpc secure protocol (8071) we need to generate a certificate and a private key file for the OpenERP . Below are the steps which can guide you to achieve this.

Step 1: Create a Directory eg: "SSL" under openerp-server/bin

Step 2: Go to "SSL" directory. cd ssl

Step 3: Generate Private key(pkey) as
execute command :openssl genrsa - des3 -out server.pkey 2048
enter the details that is asked for.

Step 4: Certificate
execute command openssl req-new-key server.pkey -out server.csr
enter details that is asked for.

Step 5: copy the .pkey file:
cp server.pkey server.pkey.org
enter password

Step 6: openssl rsa -in server.pkey.org -out server.pkey

Step 7: Generate CA private key
openssl genrsa - des3 -out ca.pkey 2048
enter password (enter different password then before)

Step 8: Generate a certificate in x509 format
execute: openssl req-new -x509 -days 365 -key ca.pkey -out ca.crt
Enter details that is asked for.

Step 9: sign the pkey
openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.pkey
-CAcreateserial -CAserial ca.srl
Enter password same as entered in step 7

Step 10: start openerp server with --cert-file=YOUR .crt FILE PATH --pkey-
file=YOUR pkey FILE PATH

eg: server$ ./openerp-server --addons-path=../openobject-addons/ --cert-
file=bin/ssl/server.crt --pkey-file=bin/ssl/server.pkey


Thanks,
nch(OpenERP)

4 comments:

  1. steps3 => openssl genrsa -des3 -out server.pkey 2048

    steps4 => openssl req -new -key server.pkey -out server.csr

    steps8 => openssl req -new -x509 -days 365 -key ca.pkey -out ca.crt

    ReplyDelete
  2. yes vinay thanks for this but It was originally like this only when I posted this but don't how the blog played with the spaces...


    Thanks

    ReplyDelete
  3. You have described very clearly in step by step manner. I like your blog very much. It is beneficial and technical. I don't know how to thank you...
    Buy domain India

    ReplyDelete
  4. Step 9:

    openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.pkey -CAcreateserial

    ReplyDelete