Howto activate SSL connection

Tryton can be configured to use encrypted communication for all of its client protocols: netrpc, XML-RPC and WebDAV. Each of these communcation channels can be switched to use SSL.

While this can be configured independently for each channel, we strongly suggest to switch all channels. Otherwise an eavesdropper would be able to intercept an unencrypted channel and get usernames and passwords.

Dependencies

You need to have this package installed on both systems (server, client):

• OpenSSL

And this one on server:

• pyOpenSSL

Generate a self-signed certificate

If your organization does not have set up a PKI, or if you are only setting up a test system, you may get along with a self-signed certificate. If you are looking for a place to get "real" certificates, please visit http://www.cacert.org.

You can generate a self-signed certificate with this command on the server:

openssl req -new -x509 -keyout /path/to/private/server.pem -out /path/to/certs/server.pem -days 365 -nodes

Configure the server

You must edit the configuration file etc/trytond.conf with those options:

secure_netrpc = True
secure_xmlrpc = True
secure_webdav = True
privatekey = /path/to/private/server.pem
certificate = /path/to/certs/server.pem

You must restart the server.

Use it

• For the tryton client, there is no need to change anything. The client will use the SSL connection automatically and display a closed lock in the lower right corner.
• For WebDAV access you need to change the schema (first part of the URL) to webdavs:// (that is: append an s), while still using the same port.
• For XML-RPC you need to change the schema (first part of the URL) to https:// (that is: append an s), while still using the same port.