Toolpack:Configure HTTPS certificates A
Cboulanger (Talk | contribs) (Instructions to generate/upload a signed-certificate) |
Cboulanger (Talk | contribs) m (Cosmetic) |
||
| Line 9: | Line 9: | ||
2. Login root using SSH to your unit and go to /lib/tb/toolpack/pkg/ssl_certificate | 2. Login root using SSH to your unit and go to /lib/tb/toolpack/pkg/ssl_certificate | ||
| − | |||
cd /lib/tb/toolpack/pkg/ssl_certificate | cd /lib/tb/toolpack/pkg/ssl_certificate | ||
3. Create a 'certificate signing request' form and private key using the command below: | 3. Create a 'certificate signing request' form and private key using the command below: | ||
| − | |||
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key | openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key | ||
| − | |||
The 'common name' must be the URL that you will use to access the unit. If an IP address is used, we strongly recommend it to either be static or 'reserved' into the DHCP. For example: | The 'common name' must be the URL that you will use to access the unit. If an IP address is used, we strongly recommend it to either be static or 'reserved' into the DHCP. For example: | ||
| − | + | https://192.168.130.3:12358 -> common name = 192.168.130.3 | |
| − | + | https://myunit.lan:12358 -> common name = myunit.lan | |
| − | + | ||
4. The previous step should have created two files: | 4. The previous step should have created two files: | ||
| − | + | CSR.csr | |
| − | + | privateKey.key | |
| − | + | ||
5. Download the generated CSR.csr from your unit and sent it to your signing authority to get a signed certificate | 5. Download the generated CSR.csr from your unit and sent it to your signing authority to get a signed certificate | ||
| Line 31: | Line 26: | ||
7. Concatenate the private key and signed certificate and replace the content of the file toolpack_cert.pem | 7. Concatenate the private key and signed certificate and replace the content of the file toolpack_cert.pem | ||
| − | |||
rm -f toolpack_cert.* | rm -f toolpack_cert.* | ||
cat privateKey.key <yoursignedcertificatefile> > toolpack_cert.pem | cat privateKey.key <yoursignedcertificatefile> > toolpack_cert.pem | ||
Revision as of 11:19, 30 March 2017
Applies to version(s): v2.9, v2.10
If you created a HTTP service using HTTPS and want to have a officially signed certificate, you can follow these steps
Steps
1. Activate the HTTPS on the unit to have the system generate a self-signed certificate
2. Login root using SSH to your unit and go to /lib/tb/toolpack/pkg/ssl_certificate
cd /lib/tb/toolpack/pkg/ssl_certificate
3. Create a 'certificate signing request' form and private key using the command below:
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
The 'common name' must be the URL that you will use to access the unit. If an IP address is used, we strongly recommend it to either be static or 'reserved' into the DHCP. For example:
https://192.168.130.3:12358 -> common name = 192.168.130.3 https://myunit.lan:12358 -> common name = myunit.lan
4. The previous step should have created two files:
CSR.csr privateKey.key
5. Download the generated CSR.csr from your unit and sent it to your signing authority to get a signed certificate
6. Once you have the signed certificate, upload it to your unit in the same directory as above
7. Concatenate the private key and signed certificate and replace the content of the file toolpack_cert.pem
rm -f toolpack_cert.* cat privateKey.key <yoursignedcertificatefile> > toolpack_cert.pem
