If you wish to configure the ASL web console to use a different SSL certificate, check with your SSL vendor for instructions on setting up SSL keys and certificates for Apache. Each SSL vendor may require you to change different settings. The ASL web console SSL settings are provided in this file:
/var/asl/etc/httpd/conf.d/ssl.conf
The following is provided as a courtesy, and should not be used unless you know what you are doing. Always follow the instructions of your SSL vendor.
Generic instructions
Step 1) Configure Apache to point to your SSL cert, key and CA bundle:
Important Note: These files must be in directories, and have permissions, that allow the tortix user to read them. Unlike Apache, for security reasons tortix does NOT start as root, and therefore cannot read arbitrary files on the system.
SSLCertificateFile
This is the path to your certificate file.
Example:
SSLCertificateFile /your/path/to/your.cert
SSLCertificateKeyFile
This is the path to your secret key.
Example:
SSLCertificateKeyFile /your/path/to/your.key
SSLCACertificateFile
This is the path to your CA bundle file. Your SSL provider will provide you with this file.
Example:
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
Step 2) Restart tortixd:
service tortixd restart
Note: If you have questions about generating SSL keys and certs, please contact your SSL vendor.
Errors
x509 certificate routines:X509_check_private_key:key values mismatch
This error means the private key file (that you supplied via your configuration) does not match the certificate (that you supplied via your configuration). This can happen if you mix up the key and certificate. You can test this from the command line:
To make sure the files tally, display the modulus value of each file:
openssl rsa -noout -modulus -in FILE.key
openssl req -noout -modulus -in FILE.csr
openssl x509 -noout -modulus -in FILE.cer
If everything matches (same modulus), the files are compatible. If not, one of the files does not belong with the others.
Note: The modulus only applies to private keys and certificates that use the RSA cryptographic algorithm. If you generated an ECC (Elliptic Curve Cryptography) private key, or if your certificate is signed with ECC, you won't find a modulus.
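The modulus comparison above only covers RSA. As an added example (not part of the ASL documentation), the script below compares the public key derived from the key file with the public key embedded in the certificate, which works for both RSA and ECC, and reads the two paths from the SSLCertificateFile and SSLCertificateKeyFile directives. The function names and return codes are this example's own; it assumes an unencrypted key and paths without spaces.

```shell
#!/bin/sh
# Added example: check that the key and certificate named in an Apache-style
# ssl.conf belong together. Compares public keys, so RSA and ECC both work.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
directive_value() {
    awk -v name="$2" '
        tolower($1) == tolower(name) { v = $2 }
        END { gsub(/^"|"$/, "", v); print v }
    ' "$1"
}

# Print the PEM public key derived from private key file $1 (fails if unparsable).
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the PEM public key embedded in certificate file $1 (fails if unparsable).
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Return 0 if key $1 matches cert $2, 1 on mismatch, 2 if either file is
# unreadable or not of the expected type (for example, key and cert swapped).
key_matches_cert() {
    k=$(pubkey_of_key "$1") || return 2
    c=$(pubkey_of_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Check the pair configured in conf file $1; same return codes as above.
check_ssl_conf() {
    cert=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    [ -n "$cert" ] && [ -n "$key" ] || return 2
    key_matches_cert "$key" "$cert"
}

# Usage: sh check_pair.sh /var/asl/etc/httpd/conf.d/ssl.conf
if [ "$#" -eq 1 ]; then
    rc=0
    check_ssl_conf "$1" || rc=$?
    case $rc in
        0) echo "OK: private key matches certificate" ;;
        1) echo "MISMATCH: private key does not match certificate" ;;
        *) echo "ERROR: could not read or parse the configured files" ;;
    esac
    exit "$rc"
fi
```

Running it as the tortix user (for example with sudo -u tortix) also exercises the permission requirement from Step 1, since a file that user cannot read produces return code 2.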