How To: Replacing the default certificate
- Admin
- Jun 16, 2020
- 2 min read
Some of our users prefer to use a certificate generated from their own organization. It increases the chain of trust, and it is easy for Pia Software to support this. We ship our product with a signed certificate from Let's Encrypt that automatically renews itself periodically.
The Flow Logs Viewer runs an nginx web server on top of Ubuntu.
Digital Ocean provides a great tutorial on SSL Setup end-to-end in case you want to understand the steps in more detail:
Here are some abbreviated steps to help you modify our existing nginx installation with your own certificate:
Step 1:
If applicable, SCP your desired certificate onto the box:
$ scp *.pem ubuntu@<your public ip>:/tmp
Step 2:
SSH into the box:
$ ssh ubuntu@<your public ip>
Step 3:
Move the certificate into an appropriate location and change permissions on it:
$ sudo mkdir /etc/ssl/certs/
$ sudo mv /tmp/*.pem /etc/ssl/certs/
$ sudo chown -R root:root /etc/ssl/certs/ $ sudo chmod -R 600 /etc/ssl/certs/
Step 4:
Modify nginx.conf to point to your new certificates, taking a backup first:
$ sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
$ sudo vi /etc/nginx/nginx.conf
remove the following four lines:
ssl_certificate /etc/letsencrypt/live/viewer.piasoftware.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/viewer.piasoftware.net/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
If there is any confusion about the ssl_certificate and ssl_certificate_key , please see the link to Digital Ocean above to generate it.
Add these lines and insert the path to your certificate:
ssl_certificate /etc/ssl/certs/<path to your certificate>
ssl_certificate_key /etc/ssl/certs/<path to your certificate key file>
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:AES256+ECDHE';
Save and exit vi with:
ESC + :wq
Step 5:
Check the configuration file for errors:
$ sudo nginx -t
This will check the config file for errors and give you an opportunity to fix them before restarting nginx and potentially making content unavailable
Step 6:
Modify application.rb configuration file:
$ vi /home/ubuntu/flowlogviewer/current/config/application.rb
on line 29, change config.use_bundled_cert to:
config.use_bundled_cert = true
Save and exit vi with: ESC + :wq
Step 7: Restart nginx and flowlogsviewer:
$ sudo systemctl restart nginx
$ sudo systemctl restart flowlogviewer.target
Step 8:
Browse to your instance and verify proper certificate setup with your browser:
hit:
https://<your public ip>
Welcome to Chicken Roads, the ultimate casino game where your skill and patience help a chicken cross the road—and win big! With over 3.6 million wins, the new Chicken Road 2 app offers enhanced safety, more payment options, and top-notch fraud protection. Get started now: Download the App, create your Chicken Road ID, and log in to start winning today!
Experience premium gaming at Dafabet Casino, featuring world-class providers like Betsoft, Microgaming, and Playtech. Enjoy seamless play on desktop or mobile with the Dafabet App, and get quick access to your favorite games through the Dafabet Login. Explore more exciting features and opportunities with Dafabet India today.
Welcome to Gold365 – the best platform for safe and exciting cricket betting in India. Popular for its dependability, security, and excellent customer care, Gold 365 has become the leading destination for both novices and veterans. Access is simple with Gold365 Login, ensuring an easy and reliable betting experience every time.
My laptop kept freezing and slowing down all the time.
This computer repair fixed everything fast and got it running smooth again. Try it today and feel the difference!
Thankyou for this information, I am really glad to see this post. I also want to recommend you to try this Christa Miller White Sweatshirt On Shrinking S2.