Copying and Creating Package Repositories in Oracle® Solaris 11.2

Configuring HTTPS Repository Access

Any client can download packages from a repository that is configured to serve packages over HTTP. In some cases, you need to restrict access. One way to restrict access to the repository is to run the depot server behind an SSL-enabled Apache instance that supports client certificates.

Using SSL provides the following benefits:

To set up a secure repository server, you must create a custom certificate chain:

  1. Create a certificate authority (CA), which is the head of the certificate chain.

  2. Issue certificates from this CA to the clients that are allowed to access the repository.

One copy of the CA is stored on the repository server. Whenever a client presents a certificate to the server, that client certificate is verified against the CA on the server to determine whether to grant access.
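The chain check described above, as an added example that is not part of the original Oracle documentation. It assumes the `openssl` command-line tool, which the page does not prescribe; all file names and subject names are constructed. It shows that a certificate issued by an unrelated CA is rejected even when it reuses an authorized client's subject name.

```shell
#!/bin/sh
# Added example: names, subjects and lifetimes are constructed for illustration.
# Uses the openssl CLI (an assumption; the page does not prescribe a tool).

# make_ca <CN> <prefix>: self-signed CA, the head of the certificate chain.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# issue_client <ca-prefix> <client-prefix> <CN>: key + CSR, then sign with the CA.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

# check_client <ca-prefix> <client-prefix>: the server-side decision, made
# against the server's copy of the CA certificate only.
check_client() {
    if openssl verify -CAfile "$1.crt" "$2.crt" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

# demo: one client issued by the repository CA, one issued by an unrelated CA
# that reuses the same subject name. Only the chain decides, not the name.
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        make_ca "Example Repo CA" repo_ca || exit 1
        make_ca "Unrelated CA" other_ca || exit 1
        issue_client repo_ca client1 client1.example.com || exit 1
        issue_client other_ca outsider client1.example.com || exit 1
        echo "client1=$(check_client repo_ca client1)" \
             "outsider=$(check_client repo_ca outsider)"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

demo
```

The CA private key (`repo_ca.key` here) is needed only to sign client certificates; the server-side check uses the CA certificate alone.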

This section describes the following steps to create the certificate chain and configure the Apache front end to verify client certificates:

For information about Apache web server privileges in Oracle Solaris, see "Locking Down Resources by Using Extended Privileges" in Securing Users and Processes in Oracle Solaris 11.2.