Securing Shares
In a default IBM Aspera Shares installation, nginx generates and uses a self-signed SSL certificate. You can find this certificate at the following location: /opt/aspera/etc/aspera_server_cert.pem

To set up a signed SSL certificate, follow these steps:
Run the following command (where key_name.key is the name of the unique key that you are creating and csr_name.csr is the name of your CSR):
$ openssl req -new -nodes -newkey rsa:2048 -keyout key_name.key -out csr_name.csr

After entering the command, you are prompted to enter several pieces of information, which are the certificate's X.509 attributes.
Generating a 1024 bit RSA private key
....................++++++
................++++++
writing new private key to 'my_key_name.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:Your_2_letter_ISO_country_code
State or Province Name (full name) [Some-State]:Your_State_Province_or_County
Locality Name (eg, city) []:Your_City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your_Company
Organizational Unit Name (eg, section) []:Your_Department
Common Name (i.e., your server's hostname) []:secure.yourwebsite.com
Email Address []:johndoe@yourwebsite.com
...
Enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
After finalizing the attributes, the private key and CSR will be saved to your root directory.
You now need to send your unsigned CSR to a Certifying Authority (CA). Once the CSR has been signed, you have a real Certificate. Follow the key provider's instructions to generate and submit both your private key and the Certificate Signing Request (CSR) to acquire the certificate. Here is a list of commonly used certificate authorities.
At this point, you may need to generate a self-signed certificate because:
# cd /opt/aspera/shares/etc/nginx
# mv cert.pem cert.pem.orig
# mv cert.key cert.key.orig
# cat your_domain_name.crt DigiCertCA.crt >> cert.pem
# /opt/aspera/shares/sbin/sv restart nginx
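
The checks below can be run before the final restart to confirm that the certificate returned by the CA matches the private key nginx will load, that the CSR came from the same key, and that the key has the requested size. This is an added example, not part of the IBM documentation; the function names are hypothetical, and the sample files are constructed in a temporary directory and self-signed only so the script runs offline.

```shell
#!/bin/sh
# Added example (not IBM's code): checks before installing cert.pem and cert.key.
# Function names and the sample files are assumptions made for this illustration.

# Print the SHA-256 of the public key inside a certificate (x509), CSR (req) or
# private key (pkey). Fails on an unreadable file instead of hashing empty input.
pub_digest() {
  case "$1" in
    x509) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    req)  _pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    pkey) _pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  [ -n "$_pem" ] || return 1
  printf '%s\n' "$_pem" | openssl pkey -pubin -outform DER | openssl dgst -sha256
}

# True only if the first certificate in file $1 belongs to the private key in $2.
# Only the first one is read, so the server certificate must lead the bundle.
cert_matches_key() {
  _c=$(pub_digest x509 "$1") && _k=$(pub_digest pkey "$2") && [ "$_c" = "$_k" ]
}

# True only if the CSR in $1 was generated from the private key in $2.
csr_matches_key() {
  _r=$(pub_digest req "$1") && _k=$(pub_digest pkey "$2") && [ "$_r" = "$_k" ]
}

# Print the key size in bits (2048 for the command on this page).
key_bits() {
  openssl pkey -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Constructed sample in directory $1: the page's CSR command (-subj skips the
# prompts), a self-signed stand-in for the CA-issued file, and an unrelated key.
make_sample() {
  openssl req -new -nodes -newkey rsa:2048 -subj "/CN=secure.yourwebsite.com" \
    -keyout "$1/key_name.key" -out "$1/csr_name.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/csr_name.csr" -signkey "$1/key_name.key" -days 1 \
    -out "$1/your_domain_name.crt" 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

d=$(mktemp -d) && make_sample "$d" || exit 1
for f in key_name.key other.key; do
  if cert_matches_key "$d/your_domain_name.crt" "$d/$f"; then echo "$f: matches"
  else echo "$f: does NOT match"; fi
done
echo "key size: $(key_bits "$d/key_name.key") bits"; rm -rf "$d"
```

On a real server, point cert_matches_key at the new cert.pem and cert.key in /opt/aspera/shares/etc/nginx and restart nginx only if it succeeds.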