sslexplorer on ubuntu server 8.04 – all cli
The new sslexplorer gui installer works great but what if you want it to run on a server without the desktop
Note – before you start
- Many of the commands below will run from cli as non root but will give you an error until later, to avoid this during this installation run “sudo -i” each time you start a session with the server during install. Issue of this are, write errors, cant start web server on port lower than 1024, …
- All terminal commands below are in boxes
Default 8.04 ubuntu server
- add sshd
Install java and unzip
apt-get install sun-java5-jdk unzip
Patch server and reboot for clean start
apt-get update
apt-get upgrade
reboot
Download sslexplorer (not the gui one)
wget http://download.3sp.com/appstore/files/sslexplorer_unix.zip
- if link above is bad then make your own, view source on http://3sp.com/showSslExplorer.do
- grab a coffee, 42mb from a slow server
Unzip and untar download file
unzip sslexplorer_unix.zip
- zip file has tar file of sslexplorer and pdf of unix installer
tar -zxvf sslexplorer_unix.tar.gz
Install the service
cd sslexplorer/install/platforms/linux/
./install-service -j /usr/lib/jvm/java-1.5.0-sun
- you can also ditch the -j option and set JAVA_HOME for this app to run
- if it works you should get something like this….
Detecting Java
Using /usr/lib/jvm/java-1.5.0-sun
Detected OS debian (x86)
Adding system startup for /etc/init.d/sslexplorer …
/etc/rc0.d/K20sslexplorer -> ../init.d/sslexplorer
/etc/rc1.d/K20sslexplorer -> ../init.d/sslexplorer
/etc/rc6.d/K20sslexplorer -> ../init.d/sslexplorer
/etc/rc2.d/S20sslexplorer -> ../init.d/sslexplorer
/etc/rc3.d/S20sslexplorer -> ../init.d/sslexplorer
/etc/rc4.d/S20sslexplorer -> ../init.d/sslexplorer
/etc/rc5.d/S20sslexplorer -> ../init.d/sslexplorer
Service installed
Go back to the root of the sslexplorer folder and start installer
./install-sslexplorer
- it will fire up the temp page on http://server_ip:28080
- go there in your browser and run the wizard
- if you need help on wizard check the pdf that came with installer
Go back to shell and check service status
/etc/init.d/sslexplorer status
- it will probably not be started so start it up
/etc/init.d/sslexplorer start
- give it a sec and go to the page – https://your_ip , if you have a login prompt you are good to go.
Thank you very much for the very useful information. I used your guide for a production deployment of SSL-Explorer on Ubuntu 8.04.
For anyone that will be syncing SSL-Explorer with Active Directory and have deployments on the East Coast, be careful of EDT (Eastern Daylight Time) and EST (Eastern Standard Time). If you do not use a NTP server, the default time configuration in Ubuntu server does not account for daylight-savings time. This will cause SSL-Explorer to generate “Time Skew Too Great” errors in which you will not be able to connect to the AD database or the SSL-Explorer service will fail. Unfortunately, I discovered this after my deployment.
Note that SSL-Explorer and AD time has to be synced to a skew no greater than 1 minute.
This is what I did before installing SSL-Explorer to fix the problem:
1. sudo apt-get install ntp
2. use the “date” command and compare the results to the AD domain time.
3. sudo vi /etc/ntp.conf
4. Replace the ntp.ubuntu.com line with my DC time server.
5. Reboot and use the “date” command again and make sure that the time is synced with the AD domain time.
This information might be obvious for the seasoned Linux pros out there (which I am not) but I hope this information is helpful.