How can we help?

How to install your own SSL certificate

Follow

By default SMSEagle device is equipped with self-signed SSL certificate. We recommend to replace the default self-signed certificate with your own regular SSL certificate. Below is a short instruction how to do that.

 

NOTICE: This instruction applies for software version < 4.20. If you use software 4.20 or higher, you may install SSL certificate in webGUI > menu Settings > SSL


You have to upload your certificate & key files to the device - we suggest to put them in /etc/ssl directory. We recommend to make a copy of existing files and then upload your own certificate.

To upload certificate files, please use SFTP client and connect using SSH credentials. 

[Above works only for NXS devices, for NPE device please use FTP connection, and place certificates at /mnt/nand-user/lighttpd/etc directory]

[NXS/MHD device type:]

Since SSL certificate is used not only by Apache web server, but also by PostgreSQL database and Postfix email server, we suggest to keep default naming style:

/etc/ssl/server.crt for crt file

/etc/ssl/server.key for key file

then you won't need to make any additional changes in mentioned engines configuration files.

Remember to change key file permissions/ownership with:
chmod 600 server.key
chown postgres:postgres server.key

through command line, so the database can have access to the certificate and actually run.

If you decide to upload certificate & key file with your own filename, then you also need to adjust Apache, PostgreSQL and Postfix configuration files.

At the end of procedure remember to restart your device, or crucial services:

systemctl reload apache2
systemctl reload postgresql
systemctl reload postfix

[NPE device type:]
After placing your certificate at /mnt/nand-user/lighttpd/etc directory please edit webserver config file: /mnt/nand-user/lighttpd/etc/lighttpd.conf and adjust certs name in there:
ssl.pemfile = "/mnt/nand-user/lighttpd/etc/lighttpd.pem"
to your own file.

Then just restart webserver:
killall lighttpd
/mnt/nand-user/lighttpd/setup-autostart.sh

Was this article helpful?
1 out of 1 found this helpful