(gs):Self-signed SSL certificate
- This page was last modified on July 26, 2011, at 14:58.
From (mt) Community Wiki
Contents |
Overview
Follow this guide to learn how to generate and install a self-signed SSL certificate on your (gs) Grid-Service. Thanks to JBond for the original write-up!
Every (gs) Grid-Service comes with an SSL Certificate associated with your Access Domain.
Only one SSL certificate can be active at any time on a (gs) Grid-Service. If you already have a certificate, you probably don't want to overwrite it with a self-signed certificate. The site that uses your current SSL certificate may not function properly (users will receive security warnings/errors when interacting with that site).
Instructions
- Connect to your (gs) Grid-Service via SSH.
- Issue this command to create the key (use your domain name in place of servername in the following examples). Here, we'll be generating a 1024-bit key:
openssl genrsa -des -out servername.key 1024
- This step will remove the passphrase from the key, so it is usable on the (gs) Grid-Service. First, we copy the key to servername.key.org, then we overwrite your original key with the passphrase-less version.
cp servername.key servername.key.org openssl rsa -in servername.key.org -out servername.key
- Navigate to the SSL Certificate tool in your (gs) Grid-Service Control Panel.
- Click generate CSR.
- Fill out the text fields as appropriate.
- Click the generate button.
- Copy all of the generated CSR text into a new file. Save it as servername.csr in the same directory where you created your key file.
- Create the self-signed certificate (this command makes it 'valid' for 1000 days):
openssl x509 -req -days 1000 -in servername.csr -signkey servername.key -out servername .crt
- Navigate to the SSL Certificate tool in your (gs) Grid-Service Control Panel.
- Click on import certificate.
- Paste the text contained in the servername.key file into the Key field, and the text contained in the servername.crt file into the Certificate field.
- Click save.