Toolpack:Configure HTTPS certificates A

From TBwiki
(Difference between revisions)
Jump to: navigation, search
m (Added a step to restart the web portal)
m (Cosmetic)
Line 7: Line 7:
  
 
1. Activate the HTTPS on the unit to have the system generate a self-signed certificate
 
1. Activate the HTTPS on the unit to have the system generate a self-signed certificate
 
 
2. Login root using SSH to your unit and go to /lib/tb/toolpack/pkg/ssl_certificate
 
2. Login root using SSH to your unit and go to /lib/tb/toolpack/pkg/ssl_certificate
 
   cd /lib/tb/toolpack/pkg/ssl_certificate
 
   cd /lib/tb/toolpack/pkg/ssl_certificate
 
 
3. Create a 'certificate signing request' form and private key using the command below:
 
3. Create a 'certificate signing request' form and private key using the command below:
 
   openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
 
   openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
Line 16: Line 14:
 
   https://192.168.130.3:12358  -> common name = 192.168.130.3
 
   https://192.168.130.3:12358  -> common name = 192.168.130.3
 
   https://myunit.lan:12358  -> common name = myunit.lan
 
   https://myunit.lan:12358  -> common name = myunit.lan
 
 
 
4. The previous step should have created two files:
 
4. The previous step should have created two files:
 
   CSR.csr
 
   CSR.csr
 
   privateKey.key
 
   privateKey.key
 
 
5. Download the generated CSR.csr from your unit (e.g. using SCP) and sent it to your signing authority to get a signed certificate
 
5. Download the generated CSR.csr from your unit (e.g. using SCP) and sent it to your signing authority to get a signed certificate
 
 
6. Once you have the signed certificate, upload it to your unit (e.g. using SCP) in the same directory as before
 
6. Once you have the signed certificate, upload it to your unit (e.g. using SCP) in the same directory as before
 
 
7. Concatenate the private key and signed certificate and replace the content of the file toolpack_cert.pem
 
7. Concatenate the private key and signed certificate and replace the content of the file toolpack_cert.pem
 
     rm -f toolpack_cert.*
 
     rm -f toolpack_cert.*
 
     cat privateKey.key <yoursignedcertificatefile>  > toolpack_cert.pem
 
     cat privateKey.key <yoursignedcertificatefile>  > toolpack_cert.pem
 
 
8. Restart the Webportal process to load the new certificate
 
8. Restart the Webportal process to load the new certificate
 
     killall lighttpd
 
     killall lighttpd

Revision as of 11:26, 30 March 2017

Applies to version(s): v2.9, v2.10

If you created a HTTP service using HTTPS and want to have a officially signed certificate, you can follow these steps

Steps

1. Activate the HTTPS on the unit to have the system generate a self-signed certificate 2. Login root using SSH to your unit and go to /lib/tb/toolpack/pkg/ssl_certificate

  cd /lib/tb/toolpack/pkg/ssl_certificate

3. Create a 'certificate signing request' form and private key using the command below:

  openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

The command will ask numerous questions. Among those, the 'common name' must be the URL that you will use to access the unit. If an IP address is used, we strongly recommend it to either be static or 'reserved' into the DHCP. For example:

  https://192.168.130.3:12358  -> common name = 192.168.130.3
  https://myunit.lan:12358  -> common name = myunit.lan

4. The previous step should have created two files:

  CSR.csr
  privateKey.key

5. Download the generated CSR.csr from your unit (e.g. using SCP) and sent it to your signing authority to get a signed certificate 6. Once you have the signed certificate, upload it to your unit (e.g. using SCP) in the same directory as before 7. Concatenate the private key and signed certificate and replace the content of the file toolpack_cert.pem

   rm -f toolpack_cert.*
   cat privateKey.key <yoursignedcertificatefile>  > toolpack_cert.pem

8. Restart the Webportal process to load the new certificate

   killall lighttpd
Personal tools