Https: where to put the 'cer' and 'key'?

Good evening gents,

sorry to bother you again.
I have put the ‘XXX.cer’ and ‘XXX.key’ files into the directories /etc/ssl/certs and /etc/ssl/private on the linux serve but again:
it does not show any effect.

The DNS entires according ‘https://docs.tutor.overhang.io/configuration.html#ssl-tls-certificates-for-https-access’ are set, a manual creation ‘tutor local https create’ fails. But I am doubting whether that is the right way as I already have those files?!

As I have learned that edx runs several virtual webservers I assume that the files have to be put at a location that won’t be overwritten at reboots or updates.

The documentation I have found so far is about generating keys by ‘Lets encrypt’ or similar. I already have those files provided by Digicert.
Would someone help me out, please?

Best, Falk

@phulc, this will likely depend on your particular setup, but if you are running the ansible scripts to setup edx, you can set some ansible variables so that nginx will be setup with your specified keys.

You’ll want to set these options:

NGINX_ENABLE_SSL: true
NGINX_SSL_CERTIFICATE: <path to certificate>
NGINX_SSL_KEY: <path to private key>

You may also want to set NGINX_REDIRECT_TO_HTTPS to true, if you want all HTTP requests to be redirected to HTTPS.

I haven’t used tutor before, but it looks like some of the options in their config.yml match those expected by the ansible scripts, so these options may work for you as well.

1 Like

Thanks Josh,
I have put these variables into the config.yml that I have found in /edx/tutor:
NGINX_ENABLE_SSL: true
NGINX_SSL_CERTIFICATE: /etc/ssl/certs
NGINX_SSL_KEY: /etc/ssl/private
NGINX_REDIRECT_TO_HTTPS: true
Hope that it is correct that way.
Is a restart of edx necessary or should it take effect anyway?

Follow this tutorial, it worked for me: https://blog.lawrencemcdaniel.com/open-edx-ssl-encryption/

Thanks for the hint, johnnyak. I know this tutorial. But this does not seem to work for me:
On my webserver I do find neither
/etc/nginx/
nor
/edx/app/nginx/

That’s where I am out …

In addition @all:
I was told that we need to use the key and certificate that we were provided with.
We have the constellation, that elearning.medopolo.com is redirected to a server different from the one where medopolo.com is hosted. The certifates thus legitimize the redirection of the subdomain to the IP where open edx is hosted.

Ok guys,
I have learned now that there is a tutor version of edx and I will continue posting in the appropriate forum. So please excuse my naïve approach and thanks a lot for your good will to help!
Best wishes, Falk