top of page
Search

How To: Replacing the default certificate

  • Writer: Admin
    Admin
  • Jun 16, 2020
  • 2 min read

Some of our users prefer to use a certificate generated from their own organization. It increases the chain of trust, and it is easy for Pia Software to support this. We ship our product with a signed certificate from Let's Encrypt that automatically renews itself periodically.

The Flow Logs Viewer runs an nginx web server on top of Ubuntu.

Digital Ocean provides a great tutorial on SSL Setup end-to-end in case you want to understand the steps in more detail:

Here are some abbreviated steps to help you modify our existing nginx installation with your own certificate:

Step 1:

If applicable, SCP your desired certificate onto the box:

$ scp *.pem ubuntu@<your public ip>:/tmp

Step 2:

SSH into the box:

$ ssh ubuntu@<your public ip>

Step 3:

Move the certificate into an appropriate location and change permissions on it:

$ sudo mkdir /etc/ssl/certs/

$ sudo mv /tmp/*.pem /etc/ssl/certs/

$ sudo chown -R root:root /etc/ssl/certs/ $ sudo chmod -R 600 /etc/ssl/certs/

Step 4:

Modify nginx.conf to point to your new certificates, taking a backup first:

$ sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

$ sudo vi /etc/nginx/nginx.conf

remove the following four lines:

ssl_certificate /etc/letsencrypt/live/viewer.piasoftware.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/viewer.piasoftware.net/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

If there is any confusion about the ssl_certificate and ssl_certificate_key , please see the link to Digital Ocean above to generate it.

Add these lines and insert the path to your certificate:

ssl_certificate /etc/ssl/certs/<path to your certificate>

ssl_certificate_key /etc/ssl/certs/<path to your certificate key file>

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:AES256+ECDHE';

Save and exit vi with:

ESC + :wq

Step 5:

Check the configuration file for errors:

$ sudo nginx -t

This will check the config file for errors and give you an opportunity to fix them before restarting nginx and potentially making content unavailable

Step 6:

Modify application.rb configuration file:

$ vi /home/ubuntu/flowlogviewer/current/config/application.rb

on line 29, change config.use_bundled_cert to:

config.use_bundled_cert = true

Save and exit vi with: ESC + :wq

Step 7: Restart nginx and flowlogsviewer:

$ sudo systemctl restart nginx

$ sudo systemctl restart flowlogviewer.target

Step 8:

Browse to your instance and verify proper certificate setup with your browser:

hit:

https://<your public ip>

 
 
 

Recent Posts

See All
locast2plex in docker

We have other interests besides AWS and Flow Logs. Recently, we found a cool way to get local TV stations streamed to our Plex machine....

 
 
 

5 comentarios


Shawn Joseph
Shawn Joseph
27 dic 2024

Thankyou for this information, I am really glad to see this post. I also want to recommend you to try this Christa Miller White Sweatshirt On Shrinking S2.

Me gusta

Shawn Joseph
Shawn Joseph
27 dic 2024

Substitute your regular winter sweatshirt with the SAS Rogue Heroes S02 David Stirling Sweatshirt. Wear independently or underneath layering.

Me gusta

Shawn Joseph
Shawn Joseph
27 dic 2024

The Way Home S03 Sadie Laflamme Snow Sweater is a mix of color and convenient for everyday use. This wool sweater with a casual fit offers

Me gusta

Shawn Joseph
Shawn Joseph
27 dic 2024

Will Trent Abigail Campano White Bomber Jacket is a creation of fleece fabric, which is the most durable material. The comfort is guaranteed by the soft viscose lining.

Me gusta

Shawn Joseph
Shawn Joseph
27 dic 2024

This detailed Best Wichita Costume Guide comes along with a bunch of essentials that will help you imitate the same look as hers from the movie.

Me gusta

pia@piasoftware.net

Arlington VA 22203

(804) 5050PIA

(804) 505-0742

  • Pia Software on LinkedIn
  • Pia Software on Twitter
  • PiaSoftware on Facebook

©2017 BY PIA SOFTWARE.  All rights reserved.

bottom of page