Page Comparison

Introduction

Squirro ships with an nginx web server. For the HTTPS connection to that server it generates self-signed SSL certificate. That certificate will trigger warnings for users and is not trusted the Squirro Toolbox either. To fix those issues, an SSL certificate should be ordered through the official channels.

Generate CSR

Generate a Certificate Signing Request (CSR) using the openssl command line. As root execute the following commands:

cd /etc/nginx/ssl
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Enter Details

The command will run through a number of questions, that you can answer as follows:

• Common Name: The fully qualified domain name without protocol of the server you want to secure with the certificate (e.g. squirro.example.com)
• Organization: The full name of your organisation
• Organization Unit (OU): Name of your department
• City or Locality: The city where your organisation is located
• State or Province: The state or province of your organisation
• Country: The official two-letter country code (e.g. CH, UK, US) of the organisation

Submit

The server.csr file is submitted to the certificate authority as the certificate request.

Installing Certificate

Once the certificate authority is done, you will receive a SSL certificate. Once that has been received store the key as /etc/nginx/ssl/server.crt.

Then you need to change the nginx configuration to use the new server SSL certificate instead of the default one. This is done by editing the file /etc/nginx/conf.d/ssl.inc. Change the values of ssl_certificate and ssl_certificate_key to point to the new certificate and key files:

ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;

…

Applying Changes

One these changes have been saved, run the following commands to restart nginx and have the changes take affect: