Toolpack:Configure HTTPS certificates A
Cboulanger (Talk | contribs) (Instructions to generate/upload a signed-certificate) |
|||
| (14 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
{{DISPLAYTITLE:Configure HTTPS certificates}} | {{DISPLAYTITLE:Configure HTTPS certificates}} | ||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | |rowspan="3"|This article applies to: | ||
| + | |'''Product''' | ||
| + | |'''Version''' | ||
| + | |- | ||
| + | |Tmedia | ||
| + | |2.9, 2.10, 3.0, 3.2 | ||
| + | |} | ||
| + | If you created a HTTP service using HTTPS and want to have an officially signed certificate, follow these steps | ||
| − | |||
| − | + | 1. Activate the HTTPS on the unit to have the system generate a self-signed certificate. | |
| − | + | ||
| − | 1. Activate the HTTPS on the unit to have the system generate a self-signed certificate | + | |
| − | + | ||
| − | + | ||
| + | 2. Log in as root using SSH to your unit and go to /lib/tb/toolpack/pkg/ssl_certificate. | ||
cd /lib/tb/toolpack/pkg/ssl_certificate | cd /lib/tb/toolpack/pkg/ssl_certificate | ||
| − | 3. Create a 'certificate signing request' form and private key using the command | + | 3. Create a 'certificate signing request' form and private key using the following command: |
| − | + | ||
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key | openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key | ||
| − | + | You will be prompted for information. One of the prompts is for the 'common name'. Set it to the URL that you will use to access the unit. If an IP address is used, we strongly recommend it to either be static or 'reserved' in the DHCP. | |
| − | + | ||
| − | + | For example: | |
| − | + | https://192.168.130.3:12358 -> common name = 192.168.130.3 | |
| − | + | https://myunit.lan:12358 -> common name = myunit.lan | |
4. The previous step should have created two files: | 4. The previous step should have created two files: | ||
| + | CSR.csr | ||
| + | privateKey.key | ||
| + | 5. Download the generated CSR.csr from your unit (using SCP) and sent it to your signing authority to get a signed certificate. | ||
| − | + | 6. Once you have the signed certificate, upload it to your unit (using SCP) in the same directory as before. | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | 6. Once you have the signed certificate, upload it to your unit in the same directory as | + | |
| − | 7. Concatenate the private key and signed certificate and replace the | + | 7. Concatenate the private key and signed certificate and replace the contents of the file toolpack_cert.pem |
| + | rm -f toolpack_cert.* | ||
| + | cat privateKey.key <yoursignedcertificatefile> > toolpack_cert.pem | ||
| − | + | 8. Restart the Webportal process to load the new certificate. | |
| − | + | killall lighttpd | |
Latest revision as of 13:48, 13 November 2020
| This article applies to: | Product | Version |
| Tmedia | 2.9, 2.10, 3.0, 3.2 |
If you created a HTTP service using HTTPS and want to have an officially signed certificate, follow these steps
1. Activate the HTTPS on the unit to have the system generate a self-signed certificate.
2. Log in as root using SSH to your unit and go to /lib/tb/toolpack/pkg/ssl_certificate.
cd /lib/tb/toolpack/pkg/ssl_certificate
3. Create a 'certificate signing request' form and private key using the following command:
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
You will be prompted for information. One of the prompts is for the 'common name'. Set it to the URL that you will use to access the unit. If an IP address is used, we strongly recommend it to either be static or 'reserved' in the DHCP.
For example:
https://192.168.130.3:12358 -> common name = 192.168.130.3 https://myunit.lan:12358 -> common name = myunit.lan
4. The previous step should have created two files:
CSR.csr privateKey.key
5. Download the generated CSR.csr from your unit (using SCP) and sent it to your signing authority to get a signed certificate.
6. Once you have the signed certificate, upload it to your unit (using SCP) in the same directory as before.
7. Concatenate the private key and signed certificate and replace the contents of the file toolpack_cert.pem
rm -f toolpack_cert.* cat privateKey.key <yoursignedcertificatefile> > toolpack_cert.pem
8. Restart the Webportal process to load the new certificate.
killall lighttpd
