Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:tls:certs [2023/02/28 12:55] – moved PKI down. Main goal of the article is to help users to configure acme.sh stokito | docs:guide-user:services:tls:certs [2023/06/07 04:58] – split articles stokito | ||
|---|---|---|---|
| Line 22: | Line 22: | ||
| ===== ACME.sh ===== | ===== ACME.sh ===== | ||
| - | + | See [[docs: | |
| - | ==== For experienced users ==== | + | |
| - | Use a command line and type '' | + | |
| - | + | ||
| - | ==== More easier way by using GUI ==== | + | |
| - | + | ||
| - | Open LUCI dashboard then in main menu go to '' | + | |
| - | The into the '' | + | |
| - | + | ||
| - | To configure in LUCI in the main menu open '' | + | |
| - | Basic configuration: | + | |
| - | * '' | + | |
| - | * You'll see a preconfigured EXAMPLE domain. We can change it for ourselves: | + | |
| - | * '' | + | |
| - | * '' | + | |
| - | * '' | + | |
| - | * '' | + | |
| - | * '' | + | |
| - | * Click on '' | + | |
| - | + | ||
| - | Now you'll need to wait for some time while the certificate will be generated. | + | |
| - | After that you can find the certificates in ''/ | + | |
| - | * ''/ | + | |
| - | * ''/ | + | |
| - | + | ||
| - | You can use them in nginx, uhttpd, lighttpd, | + | |
| ===== Self signed certs ===== | ===== Self signed certs ===== | ||
| See [[: | See [[: | ||
| - | ===== Installing and trusting a root CA certificate in a PKI ===== | + | ===== Own Certificate Authority with PKI ===== |
| - | + | See [[docs:guide-user:services:tls:pki|Installing and trusting a root CA certificate in a PKI]] | |
| - | As stated above: | + | |
| - | + | ||
| - | >For enabling HTTPS for a website' | + | |
| - | + | ||
| - | But what if you have your private Certificate Authority in your infrastructure? | + | |
| - | + | ||
| - | Steps are as follow: | + | |
| - | + | ||
| - | | + | |
| - | - Install the root CA certificate | + | |
| - | - Add the root CA certificate to the system' | + | |
| - | - A helper script | + | |
| - | + | ||
| - | For this documentation we will assume: | + | |
| - | + | ||
| - | * The CA name is '' | + | |
| - | * The CA server is accessible at '' | + | |
| - | * The CA cert filename is '' | + | |
| - | + | ||
| - | ==== 1. Get the root CA certificate ==== | + | |
| - | + | ||
| - | Let's get the root CA cert. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | openssl s_client -connect ca.private-domain.tld:443 < /dev/null > / | + | |
| - | openssl x509 -outform PEM < / | + | |
| - | rm / | + | |
| - | </ | + | |
| - | + | ||
| - | Note: Don't forget to remove the temporary file ''/ | + | |
| - | + | ||
| - | ==== 2. Install the root CA certificate | + | |
| - | + | ||
| - | Trusted certificates are installed | + | |
| - | + | ||
| - | <code bash> | + | |
| - | mkdir -p / | + | |
| - | mv / | + | |
| - | ln -s / | + | |
| - | chmod ugo-x | + | |
| - | </ | + | |
| - | + | ||
| - | ==== 3. Add the root CA certificate to the system' | + | |
| - | + | ||
| - | The certificate is installed but not yet trusted. You need to provide its hash. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | # Generate the hash | + | |
| - | HASH=" | + | |
| - | + | ||
| - | # Display the hash value | + | |
| - | echo " | + | |
| - | + | ||
| - | # Link the hash to the certificate | + | |
| - | ln -s "/ | + | |
| - | </ | + | |
| - | + | ||
| - | Note: If another cert has the same hash use suffix '' | + | |
| - | + | ||
| - | Congratulations, | + | |
| - | + | ||
| - | ==== 4. A helper script ==== | + | |
| - | + | ||
| - | <code bash> | + | |
| - | CA_NAME=" | + | |
| - | CERT_FILE=" | + | |
| - | CERT_INSTALL_DIR="/ | + | |
| - | CERT_PATH=" | + | |
| - | + | ||
| - | openssl s_client -connect ${CA_NAME}: | + | |
| - | mkdir -p " | + | |
| - | openssl x509 -outform PEM < / | + | |
| - | HASH=" | + | |
| - | echo " | + | |
| - | + | ||
| - | ln -s " | + | |
| - | ln -s "/ | + | |
| - | ls -al "/ | + | |
| - | + | ||
| - | rm / | + | |
| - | </ | + | |
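Review bot: Step 1 of the PKI text being moved out of this page ("1. Get the root CA certificate") fetches the certificate with `openssl s_client -connect ca.private-domain.tld:443` from the CA server itself. Steps 2 and 3 then install and hash-link whatever was returned, and none of the visible steps checks it against a fingerprint obtained out of band. Since the section is being relocated to docs:guide-user:services:tls:pki anyway, this is a good moment to add a verification step between "Get" and "Install" there, and to have the helper script in step 4 stop before the `ln -s` lines if the fingerprint does not match. Separately, the heading changes from "Installing and trusting a root CA certificate in a PKI" to "Own Certificate Authority with PKI", so any existing links to the old section anchor on this page will no longer land on it. Please check inbound links or mention the rename in the edit summary.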