Hello,
I have a wildcard certificate in pfx format that I have broken into a certificate and keyfile. I have uploaded these files to the thirdlane server at /etc/pki/tls/certs and modified /etc/httpd/config.d/ssl.conf to point to the new certs and keyfile. After this I issued the command "service httpd restart" and the Web server service restarted... But still with the self signed cert.
What did I miss?
Submitted by jkeegan123 on Mon, 10/12/2015
Permalink
I found out that the web engine is running on NGINX...the certificate files needed to be installed where ever they can be called (like /etc/pki/tls/certs ) and the following file needs to be modified:
/etc/nginx/conf.d/default.conf
Under the heading "server {" you will see definitions for where the server is listening (default is all IP's or 0.0.0.0:10000;). You should add your server name if it is not there already:
It should go under "listen 0.0.0.0:10000;"
server_name your.server.name
Further down the file you will see the path to the SSL certificate along with the file name...change this to the appropriate path where you place your certificate file and key file, and save the file. MAKE SURE TO BACK THE FILE UP BEFORE YOU CHANGE IT, JUST IN CASE .... we all make mistakes, so you might as well plan for it...
Here's an example file for /etc/nginx/conf.d/default.conf:
# nginx thirdlane conf v 1.1
upstream uniserver {
server 127.0.0.1:5000;
}
server {
listen 0.0.0.0:10000;
server_name server.domain.net;
ssl on;
ssl_certificate /etc/webmin/yourcert.crt;
ssl_certificate_key /etc/webmin/yourkey.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
ssl_prefer_server_ciphers on;
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
Make sure that you separated out the private key from the certificate, if you don't know how to do that, then use the digicert utility on the digicert website, or try the utility on the sslshopper website.