How To: Replacing the default certificate
- Admin
- Jun 16, 2020
Some of our users prefer to use a certificate generated from their own organization. It increases the chain of trust, and it is easy for Pia Software to support this. We ship our product with a signed certificate from Let's Encrypt that automatically renews itself periodically.
The Flow Logs Viewer runs an nginx web server on top of Ubuntu.
Digital Ocean provides a great tutorial on SSL Setup end-to-end in case you want to understand the steps in more detail:
Here are some abbreviated steps to help you modify our existing nginx installation with your own certificate:
Step 1:
If applicable, SCP your desired certificate onto the box:
$ scp *.pem ubuntu@<your public ip>:/tmp
Step 2:
SSH into the box:
$ ssh ubuntu@<your public ip>
Step 3:
Move the certificate into an appropriate location and change permissions on it:
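$ sudo mkdir -p /etc/ssl/certs/
$ sudo mv /tmp/*.pem /etc/ssl/certs/
# Restrict only the files you copied: a recursive chmod 600 on /etc/ssl/certs/ removes the
# directory's execute bit and makes the system CA store unreadable to non-root processes.
$ sudo chown root:root /etc/ssl/certs/<your certificate files>
$ sudo chmod 600 /etc/ssl/certs/<your certificate files>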
Step 4:
Modify nginx.conf to point to your new certificates, taking a backup first:
$ sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
$ sudo vi /etc/nginx/nginx.conf
Remove the following four lines:
ssl_certificate /etc/letsencrypt/live/viewer.piasoftware.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/viewer.piasoftware.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
If there is any confusion about the ssl_certificate and ssl_certificate_key, please see the link to Digital Ocean above to generate it.
Add these lines and insert the path to your certificate:
ssl_certificate /etc/ssl/certs/<path to your certificate>;
ssl_certificate_key /etc/ssl/certs/<path to your certificate key file>;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:AES256+ECDHE';
Save and exit vi with:
ESC + :wq
Step 5:
Check the configuration file for errors:
$ sudo nginx -t
This checks the config file for errors and gives you an opportunity to fix them before restarting nginx and potentially making content unavailable.
Step 6:
Modify application.rb configuration file:
$ vi /home/ubuntu/flowlogviewer/current/config/application.rb
On line 29, change config.use_bundled_cert to:
config.use_bundled_cert = true
Save and exit vi with: ESC + :wq
Step 7:
Restart nginx and flowlogsviewer:
$ sudo systemctl restart nginx
$ sudo systemctl restart flowlogviewer.target
Step 8:
Browse to your instance and verify proper certificate setup with your browser:
hit:
https://<your public ip>
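As an added example (not part of the original post or Pia Software's tooling), the shell functions below audit things that `nginx -t` in Step 5 does not check: the key file and directory permissions from Step 3, leftover Let's Encrypt paths, and deprecated protocol versions in the Step 4 directives. The function names and FINDING messages are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the TLS directives
# from Step 4 and the file permissions from Step 3 before restarting nginx.

# Print the first argument of a directive, without the trailing semicolon.
conf_value() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { v = $2; sub(/;$/, "", v); print v; exit }' "$1"
}

# Print the group/other permission characters of a path, e.g. "r-xr-x".
perm_go() { ls -ldL "$1" | cut -c5-10; }

run_checks() {  # $1 = nginx config file; prints one FINDING line per problem
    cert=$(conf_value "$1" ssl_certificate)
    key=$(conf_value "$1" ssl_certificate_key)
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then
        echo "FINDING: ssl_certificate unset or file not found"
    else
        # /etc/ssl/certs is also Ubuntu's system CA store; without the search
        # (x) bit on the directory, non-root processes cannot read it.
        case $(perm_go "$(dirname "$cert")") in
            ??[xs]??[xt]) ;;
            *) echo "FINDING: certificate directory is not searchable by other users" ;;
        esac
    fi
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "FINDING: ssl_certificate_key unset or file not found"
    elif [ "$(perm_go "$key")" != "------" ]; then
        echo "FINDING: private key is accessible to group or others"
    fi
    if grep -v '^[[:space:]]*#' "$1" | grep -q '/etc/letsencrypt/'; then
        echo "FINDING: config still references /etc/letsencrypt/"
    fi
    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996).
    if awk '$1 == "ssl_protocols"' "$1" | grep -Eq 'TLSv1(\.1)?([[:space:]]|;)'; then
        echo "FINDING: ssl_protocols enables TLS 1.0 or TLS 1.1"
    fi
    return 0
}

# Print the findings; succeed only when there are none.
audit_tls_conf() {  # $1 = nginx config file
    findings=$(run_checks "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}
```

Run it as `audit_tls_conf /etc/nginx/nginx.conf` after sourcing the file; with the `ssl_protocols` line from Step 4 it reports the TLS 1.0/1.1 finding, which clears once only TLSv1.2 (and TLSv1.3, where your nginx and OpenSSL builds support it) remain.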