SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Instruction for installing TLS server certificate on nginx

Browse source
This commit is contained in:
Fadi Abbud 2022-02-02 15:19:25 +01:00
parent 1d8b4c4c5a
commit 05f35a76af
2 changed files with 47 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -19,6 +19,7 @@
These places the binaries under `bin/` directory. These places the binaries under `bin/` directory.
- [Install](http://nginx.org/en/docs/install.html) **nginx** - [Install](http://nginx.org/en/docs/install.html) **nginx**
- To install server certificate on nginx see [docs/install-server-certificate.md](docs/client-certificate-setup.md)
- To configure nginx see [docs/provider-setup.md](docs/provider-setup.md) - To configure nginx see [docs/provider-setup.md](docs/provider-setup.md)
## csaf_uploader ## csaf_uploader

46
docs/install-server-certificate.md Normal file
View file

@ -0,0 +1,46 @@
# Install TLS Certificate on nginx
If you already have the TLS Certificates you can start with [Link the files](#link-the-files) step.
## Generate a private key and Certificate Signing Request (CSR)
Generate and submit the Certificate Signing Request (CSR) to the issuing Certificate Authority (CA) for processing.
Firstly create the key
```shell
openssl req -new newkey -aes256 -out {domainName}.key 4096
```
Then create the Certificate Singing Request (CSR)
```shell
openssl req -new -key {domainName}.key -out {domainName}.csr
```
A number of questions about the CSR details should be answered.
These generated CSR is necessary for the validation of the TLS certificate generation, thus the content should be submitted to the Certificate Authority to sign the certificate.
## Link the files
Once the CA issues the certificate download it to `/etc/ssl/`.
- If you recieved {domainName}.pem file from the CA when the certificate was issued, then this file contains both primary and intermediate certificate and you can skip the next step.
- Concatenate the primary certificate file ({domainName.crt}) and the intermediate file ({intemediate.crt})
```shell
cat {domainName.crt} {intermediate.crt} >> bundle.crt
```
## Configure nginx
Adjust the server block in ```/etc/nginx/sites-enabled/default```:
```
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/ssl/{domainName.pem}; # or bundle.crt
ssl_certificate_key /etc/ssl/{domainName}.key";
# Other Config
# ...
}
Restart nginx with systemctl nginx restart to apply the changes.