Toolpack:Tsbc TLS Profiles
From TBwiki
(Difference between revisions)
(Adjusted images width) |
Line 14: | Line 14: | ||
=== Click ''' Create New Certificate ''' === | === Click ''' Create New Certificate ''' === | ||
− | [[Image:ConfigureCertificates_1.png]] | + | [[Image:ConfigureCertificates_1.png|250px]] |
=== Configure certificate parameters === | === Configure certificate parameters === | ||
Line 23: | Line 23: | ||
* Click "Create" | * Click "Create" | ||
− | [[Image:ConfigureCertificates_2.png]] | + | [[Image:ConfigureCertificates_2.png|500px]] |
== Upload local certificates (optional) == | == Upload local certificates (optional) == | ||
Line 34: | Line 34: | ||
Example: | Example: | ||
− | [[Image:ConfigureCertificates_3.png]] | + | [[Image:ConfigureCertificates_3.png|500px]] |
Then: | Then: | ||
scp my_local_cert.key root@MyFreeSbcHostName:/lib/tb/toolpack/pkg/ssl_certificate/ | scp my_local_cert.key root@MyFreeSbcHostName:/lib/tb/toolpack/pkg/ssl_certificate/ | ||
Line 42: | Line 42: | ||
=== Select '''Certificates''' from the navigation panel === | === Select '''Certificates''' from the navigation panel === | ||
− | [[Image:ConfigureTlsProfile_0.png]] | + | [[Image:ConfigureTlsProfile_0.png|150px]] |
=== Click ''' Create New TLS Profile''' === | === Click ''' Create New TLS Profile''' === | ||
− | [[Image:ConfigureTlsProfile_1.png]] | + | [[Image:ConfigureTlsProfile_1.png|300px]] |
=== Configure TLS Profile parameters === | === Configure TLS Profile parameters === | ||
Line 56: | Line 56: | ||
* Select one or multiple "trusted" certificates, which correspond to remote equipment's certificates (or root certificates from which remote certificates are signed) | * Select one or multiple "trusted" certificates, which correspond to remote equipment's certificates (or root certificates from which remote certificates are signed) | ||
− | [[Image:ConfigureTlsProfile_2.png]] | + | [[Image:ConfigureTlsProfile_2.png|500px]] |
− | [[Image:ConfigureTlsProfile_3.png]] | + | [[Image:ConfigureTlsProfile_3.png|500px]] |
Revision as of 12:51, 11 March 2019
Configuring Certificates and TLS Profiles
Applies to version(s): v3.1 and above
Multiple TLS profiles can be created in Toolpack. A TLS profile is a collection of certificates and other settings that define the behavior of TLS connections. Multiple TLS profiles can be used to expose different certificates and options to different TLS connections in Toolpack, though one TLS profile is generally enough.
Upload trusted certificates
Click Create New Certificate
Configure certificate parameters
- Give a name that is meaningful to you
- Select "Trusted" certificate to import a remote party's certificate to trust
- Drag-and-drop (or copy-paste) the certificate's text content into the appropriate text box
- Click "Create"
Upload local certificates (optional)
Toolpack already contains a unique default certificate (unique per Toolpack system, shared for 1+1 hosts). This certificate is used for HTTPS, and can also be used for TLS.
In case you want to use a custom local certificate, proceed as follows:
- Repeat the same procedure as above (but using "Local" certificate type) to import the local certificate
- Use ssh (from the command line or with a tool like FileZilla) to upload the private key to the unit, at the following path. Use the same file name as the local certificate name previously used when importing it in the web portal (except for the file extension):
/lib/tb/toolpack/pkg/ssl_certificate/
scp my_local_cert.key root@MyFreeSbcHostName:/lib/tb/toolpack/pkg/ssl_certificate/
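The upload step above, wrapped in pre-flight checks, as an added example that is not part of the original page or of Toolpack: it refuses to copy a key that does not belong to the imported certificate or whose file name differs from the certificate name. The function names and the `.crt`/`.key` file names are assumptions; the destination path and host name are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not Toolpack code): pre-upload checks for a custom local key.
DEST=/lib/tb/toolpack/pkg/ssl_certificate/   # path given on this page

# True when the private key's public half equals the certificate's public key.
key_matches_cert() {   # <cert.pem> <key.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the key file name, minus extension, equals the certificate name
# entered in the web portal.
key_name_ok() {   # <cert_name> <key_file>
    base=$(basename "$2")
    [ "${base%.*}" = "$1" ]
}

upload_local_key() {   # <cert_name> <cert.pem> <key.pem> <host>
    key_name_ok "$1" "$3" || { echo "key file must be named $1.<ext>" >&2; return 1; }
    key_matches_cert "$2" "$3" || { echo "key does not match certificate" >&2; return 1; }
    chmod 600 "$3"   # keep the key owner-only; scp carries the source file mode
    scp "$3" "root@$4:$DEST"
}

# Example call (constructed names):
#   sh upload_key.sh my_local_cert my_local_cert.crt my_local_cert.key MyFreeSbcHostName
if [ "$#" -eq 4 ]; then
    upload_local_key "$@"
fi
```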
Create TLS profile
Click Create New TLS Profile
Configure TLS Profile parameters
- Give a name that is meaningful to you
- Decide if client authentication is required (meaning that incoming connections require the remote side to present a trusted certificate)
- Select a local certificate (either one imported earlier, or the "Default" certificate which is automatically generated by Toolpack and is also used for HTTPS)
- Click "Create"
- Select one or multiple "trusted" certificates, which correspond to remote equipment's certificates (or root certificates from which remote certificates are signed)