How do I create a secure (SSL/Certified) inbound connection to Monetra?

First, make sure you have OpenSSL installed (via RPM or source from www.openssl.org). Once OpenSSL is installed, create the certificate as you would for an Apache SSL server:

  1. Generate the private key:
       openssl genrsa 2048 > www.mydomain.com.key
  2. Generate a CSR from your key:
       openssl req -new -sha256 -key www.mydomain.com.key > www.mydomain.com.csr
  3. Generate a self-signed certificate:
       openssl req -x509 -key www.mydomain.com.key -in www.mydomain.com.csr > www.mydomain.com.crt

You may use the self-signed certificate www.mydomain.com.crt to run the Monetra engine, but it is recommended that you purchase a signed certificate from Thawte or Verisign. You will be required to send them the www.mydomain.com.csr that you generated in Step 2. When you receive your certificate, install it in place of your self-signed certificate and restart the Monetra engine.

Make sure your Key and Certificate are viewable only to the monetra user. Anyone who obtains the Key and Certificate would be able to "impersonate" you!
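The three steps above, with the permission requirement checked, as an added example that is not part of the Monetra documentation. It creates the files under umask 077, confirms that the certificate carries the public key of the private key, and confirms that the key has no group or other access. The function names, the -subj value (used to avoid interactive prompts) and the output directory argument are assumptions.

```shell
#!/bin/sh
# Added example; function names and the -subj value are assumptions.

# Steps 1-3 from the page. The subshell body keeps umask 077 local, so the
# key, CSR and certificate are all created readable by their owner only.
# Without -days, the self-signed certificate is valid for 30 days.
make_key_and_cert() (
    umask 077
    base="$1/$2"
    openssl genrsa -out "$base.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$base.key" -subj "/CN=$2" -out "$base.csr" &&
    openssl req -x509 -key "$base.key" -in "$base.csr" -out "$base.crt" 2>/dev/null
)

# Succeeds only if the certificate contains the public key that belongs to
# the private key. Catches a CA-issued certificate installed next to the
# wrong key before the engine is restarted.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if the file grants nothing to group or other.
# In "ls -ld" output, characters 5-10 are the group and other bits.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: sh make_cert.sh <dir> www.mydomain.com
if [ "$#" -eq 2 ]; then
    make_key_and_cert "$1" "$2" &&
    key_matches_cert "$1/$2.key" "$1/$2.crt" &&
    perms_ok "$1/$2.key" &&
    echo "certificate matches key; key is owner-only"
fi
```

After generating the files, change their owner to the monetra user (chown) so that account is the one that can read them.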

Note: Both the .key and .crt must be configured in the /etc/monetra/prefs.conf file for SSL communication to take place (unless you created a combined key/crt file, which is not discussed here).