![]() |
As described in HTTPS on the OnBoard Appliance, an OnBoard appliance administrator needs to replace the automatically-generated self signed certificate with an SSL certificate from an official certificate authority. The root user can follow the instructions in the following procedure to generate a certificate signing request; after obtaining the certificate from the CA, the root user then needs to install the public key and the certificate in the Apache web server on the OnBoard appliance.
2. Use openssl with the req parameter to create a private key and a public CSR (certificate signing request).The utility prompts for information. The required information is shown in the following table. Any other requested information is not required.
Organization Name (e.g., company) [Internet Widgits Ltd]: Common Name (e.g., your name or your server’s hostname) []: [root@OnBoard /] cat private.key-/etc/httpd/conf/ssl.key/server.keyThe following screen example uses cert.crt as the name of the certificate file from the CA, Substitute the correct name for your file.[root@OnBoard /] cat cert.cert-/etc/httpd/conf/ssl.crt/server.crtNOTE: By default, the /etc/httpd/conf/ssl.key/server.key and /etc/httpd/conf/ssl.crt/server.crt files are listed in
/etc/config_files so they can be automatically saved in the Flash memory whenever the saveconf command is run or the administrative user saves the configuration files using the Save button on the Mgmt-Backup/restore screen.
6. Run the saveconf command to save the configuration in Flash.[root@OnBoard /] daemon.sh restart APACHE