License administrators are now able to run the RLM web server with SSL certificates, allowing for increased protection though third party identification via web server.
To implement SSL certificates you can instruct RLM to use HTTPS during startup with the command parameters -sslcert and -sslpriv. But note that certificate files cannot be used if password protected.
Example code: rlm ‑sslcert /path/to/cert.pem ‑sslpriv /path/to/privkey.pem
How do I create an SSL Certificate?
There are many ways that you can procure SSL certificates, here are 3 options:
- Purchase it from a certificate provider. These types of certificates are trusted more by OS and browsers.
- Free Services like Let’s Encrypt will provide SSL certificates.
- Create and generate your own. But be warned these self-signed certificates are not trusted by OS or browsers and will display warning messages.
Can’t connect to Web Server after implementing SSL Certificates?
Make sure your connecting your RLM server via HTTP. Your URLs should look like:
-https://hostname:[port-number]
-https://ip-address:[port-number]
Got more questions? Check out our article that guides you through the process: Using SSL Certificates (HTTPS) with RLM
Top comments (1)
Handy guide. The gotcha nobody hits till day 90: Let's Encrypt certs rotate every 3 months, so if rlm can't hot-reload you need a hook to bounce it or HTTPS quietly dies. No-password rule also means stripping the passphrase via openssl rsa first.