I have issued an SSL certificate and now I tried to access using ssh to the config file to install my certificate issued, but it's showing an error, can you please tell me how can I install my SSL certificate on portal.azure.com, I have NGINX server
As far as I know, you can't install an SSL certificate in Azure VM via the portal but you can use cloud-init to install packages and write files, or to configure users and security.
When you create a VM, certificates and keys are stored in the protected /var/lib/waagent/ directory. To automate adding the certificate to the VM and configuring the web server, use cloud-init. In this example, you install and configure the NGINX web server. You can use the same process to install and configure Apache.
Create a file named cloud-init-web-server.txt and paste the following configuration:
#cloud-config
package_upgrade: true
packages:
- nginx
write_files:
- owner: www-data:www-data
- path: /etc/nginx/sites-available/default
content: |
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/mycert.cert;
ssl_certificate_key /etc/nginx/ssl/mycert.prv;
}
runcmd:
- secretsname=$(find /var/lib/waagent/ -name "*.prv" | cut -c -57)
- mkdir /etc/nginx/ssl
- cp $secretsname.crt /etc/nginx/ssl/mycert.cert
- cp $secretsname.prv /etc/nginx/ssl/mycert.prv
- service nginx restart
Ref: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-secure-web-server
Related
I can see mycert.cert and mycert.prv but there is no "SSL Key" in the /var/lib/waagent directory of the VM I just created.
Deployed an nginx webserver, with SSL cert, using cloud-init, on ubuntu 17.10 VM using Azure KeyVault per the official instructions here.
Installed Jupyter Hub on the VM using the official instructions here.
Now I'd like to add the SSL key and cert to the Jupyter Hub config file per these instructions. Its asking for this format:
jupyterhub --ip x.x.x.x --port 443 --ssl-key my_ssl.key --ssl-cert my_ssl.cert
Where is this ssl.key file?
Any help is much appreciated.
I am on a very newby level when it comes to AWS and SSL.
I got an SSL from GoDaddy. After that I generated the .csr file on AWS and I got an elastic IP. I created a subdomain on godaddy sub.mydomain.com that points to that IP.
I installed the certs following the instructions a found online, but now I get an error. I've tried installing apache2 on the EC2 and rebooting the instance but no luck yet.
Is there a way to remove the SSL cert or Fix the issue? When I got the SSL from GoDaddy, the zip had 2 files and ran the following command to install them:
sudo java -jar lib/ace.jar import_cert gd_bundle-g2-g1.crt gdroot-g2.crt sfroot-g2.crt 54581acbeba8a74e.crt
System said the certs were installed but now as I get that error, on the EC2 we have a unifi controller and we want to get that SSLrunning to accept payments for the hotspot.
I had the same issues my controller is hosted on an EC2 instance.
Check your system.properties which sits in /var/lib/unifi/ open the file with vim or your text editor of choice.
Have a look at your HTTPS options, the important ones are the ciphers and protocols.
The Protocols you need are TLSv1 and potentially SSLv2Hello there should be no other SSL protocols in there.
The Ciphers you ideally want are TLS, so for example TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA
If you are having issues throw them all in, CAUTION! only use this in a demo /test environment.
unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
Remember once you have edited the system.properties you need to restart the controller.
sudo service unifi restart
Lots of help on the Unifi page
UniFi - SSL Certificate Error
UniFi - Explaining the config.properties File
UniFi - system.properties File Explanation
I've tried to follow the following tutorial to setup our own private registry (v2) on an AWS Centos machine.
I've self signed a TLS certificate and placed it in /etc/docker/certs.d/MACHINE_STATIS_IP:5000/
When trying to login the registry (docker login MACHINE_IP:5000) or push a tagged repository (MACHINE_IP:5000/ubuntu:latest) i get the following error :
Error response from daemon: Get https://MACHINE_IP:5000/v1/users/: x509: cannot validate certificate for MACHINE_IP because it doesn't contain any IP SANs
Tried to search for an answer for 2 days, however I couldn't find any.
I've set the certificate CN (common name) to MACHINE_STATIC_IP:5000
When using a self signed TLS certificate docker daemon require you to add the certificate to it's known certificates.
Use the keytool command to grab the certificate :
keytool -printcert -sslserver ${NEXUS_DOMAIN}:${SSL_PORT} -rfc > ${NEXUS_DOMAIN}.crt
And copy it your client's machine SSL certificates directory (in my case - ubuntu):
sudo cp ${NEXUS_DOMAIN}.crt /usr/local/share/ca-certificates/${NEXUS_DOMAIN}.crt && sudo update-ca-certificates
Now reload docker daemon and you're good to go :
sudo systemctl restart docker
You can also use the following command to temporarily trust the certificate without adding it your system certificates.
docker --tlscert <the downloaded tls cert> pull <whatever you want to pull>
For https access I need to add a CA cert file to /usr/local/share/ca-certificates on my Ubuntu host machine.
Currently my Dockerfile RUN wget https... is failing since the certificate verification is failing.
How can Docker use the host machine CA cert? Or is there an existing enhancement opened to allow this?
I've used CA and SSL certs via a passthrough mount, but this looks like you're trying to do it in the Dockerfile.
So my suggestion would be - copy the CA cert to the image as part of the Dockerfile, and then proceed as normal. Or drop to http, or run wget --no-check-certificate if you're happy with that.
There are a few open bugs in this area:
https://github.com/docker/machine/issues/1799
https://github.com/docker/docker/issues/4372
https://github.com/docker/machine/issues/1435
https://github.com/deis/deis/issues/2230
I have successfully installed Elasticsearch, Logstash, Kibana and Nginx on an ubuntu 14 server, everything is working perfectly but i want Logstash and Kibana to use SSL encryption, i have bought a commercial SSL Certificate, and i got 3 files :
Domain.crt
Domain.key
Domain.ca
I have tried to upload the files to the /etc/pki/tls folder and point to them from kibana.yml but it didn't work.
How can i use these files to create a secure ssl on the server ?