Https: where to put the 'cer' and 'key'?

phulc · April 19, 2020, 10:12pm

Good evening gents,

sorry to bother you again.
I have put the ‘XXX.cer’ and ‘XXX.key’ files into the directories /etc/ssl/certs and /etc/ssl/private on the linux serve but again:
it does not show any effect.

The DNS entires according ‘https://docs.tutor.overhang.io/configuration.html#ssl-tls-certificates-for-https-access’ are set, a manual creation ‘tutor local https create’ fails. But I am doubting whether that is the right way as I already have those files?!

As I have learned that edx runs several virtual webservers I assume that the files have to be put at a location that won’t be overwritten at reboots or updates.

The documentation I have found so far is about generating keys by ‘Lets encrypt’ or similar. I already have those files provided by Digicert.
Would someone help me out, please?

Best, Falk

joshm · April 20, 2020, 12:50pm

@phulc, this will likely depend on your particular setup, but if you are running the ansible scripts to setup edx, you can set some ansible variables so that nginx will be setup with your specified keys.

You’ll want to set these options:

NGINX_ENABLE_SSL: true
NGINX_SSL_CERTIFICATE: <path to certificate>
NGINX_SSL_KEY: <path to private key>

You may also want to set NGINX_REDIRECT_TO_HTTPS to true, if you want all HTTP requests to be redirected to HTTPS.

I haven’t used tutor before, but it looks like some of the options in their config.yml match those expected by the ansible scripts, so these options may work for you as well.

phulc · April 20, 2020, 1:38pm

Thanks Josh,
I have put these variables into the config.yml that I have found in /edx/tutor:
NGINX_ENABLE_SSL: true
NGINX_SSL_CERTIFICATE: /etc/ssl/certs
NGINX_SSL_KEY: /etc/ssl/private
NGINX_REDIRECT_TO_HTTPS: true
Hope that it is correct that way.
Is a restart of edx necessary or should it take effect anyway?

johnnyak · April 20, 2020, 3:12pm

Follow this tutorial, it worked for me: https://blog.lawrencemcdaniel.com/open-edx-ssl-encryption/

phulc · April 20, 2020, 3:29pm

Thanks for the hint, johnnyak. I know this tutorial. But this does not seem to work for me:
On my webserver I do find neither
/etc/nginx/
nor
/edx/app/nginx/

That’s where I am out …

In addition @all:
I was told that we need to use the key and certificate that we were provided with.
We have the constellation, that elearning.medopolo.com is redirected to a server different from the one where medopolo.com is hosted. The certifates thus legitimize the redirection of the subdomain to the IP where open edx is hosted.

phulc · April 21, 2020, 2:45pm

Ok guys,
I have learned now that there is a tutor version of edx and I will continue posting in the appropriate forum. So please excuse my naïve approach and thanks a lot for your good will to help!
Best wishes, Falk

Topic		Replies	Views
Install and Configure external SSL Development how-to , tutor , nutmeg	3	573	January 29, 2024
Re-launching Open edX Olive Tutor Help tutor , olive	2	332	February 20, 2023
Connect ElasticSearch through SSL Tutor Help tutor	3	143	November 22, 2023
How to reverse proxy to Open edX sites deployed with tutor from another server Site Operations Help how-to	5	1503	December 22, 2022
Open edX behind apache hosting proxy Development how-to , tutor	1	179	November 28, 2023

Https: where to put the 'cer' and 'key'?

Related Topics