Difference between revisions of "Setting up https secure connection"
Line 79: | Line 79: | ||
SSLCertificateFile /etc/httpd/ssl/apache.crt | SSLCertificateFile /etc/httpd/ssl/apache.crt | ||
SSLCertificateKeyFile /etc/httpd/ssl/apache.key | SSLCertificateKeyFile /etc/httpd/ssl/apache.key | ||
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt | |||
Restart apache to apply changes: | Restart apache to apply changes: | ||
service httpd restart | service httpd restart |
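Review bot: the added SSLCertificateChainFile line (right-hand column) points at /etc/pki/tls/certs/server-chain.crt while the certificate and key beside it stay under /etc/httpd/ssl/, and the revision does not say what this file is or when it is needed. Suggest one sentence stating that it holds the SSL provider's intermediate chain, and that the line should be left out when there is no such file, as in the preconfigured self-signed setup.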
Revision as of 09:58, 28 February 2020
Installing SSL
In new MOR (starting from X14) and M2 installs, SSL with a self-signed certificate is preconfigured (using the external server IP). If you have older MOR and M2 installations, and SSL was not configured previously, you can configure a self-signed certificate in MOR/M2 by running the following script. The script is tested and ready to use:
For MOR:
svn update /usr/src/mor
/usr/src/mor/x14/gui/ssl_install.sh
For M2:
svn update /usr/src/m2
/usr/src/m2/gui/ssl_install.sh
And restart httpd service
service httpd restart
Clear the browser cache before testing the redirect. Otherwise it might not work.
Allow only https
If you would like your users to be automatically redirected to the secure connection (https), add the Redirect line to /etc/httpd/conf.d/m2.conf so that it looks like this:
<VirtualHost *:80>
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        Allow from all
    </Directory>
    RailsBaseURI /billing
    <Directory /var/www/html/billing>
        Options -MultiViews
    </Directory>
    RailsEnv production
    # Add this one. Put your hostname instead of www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>
And restart httpd service
service httpd restart
Also change from http to https in cron actions:
sed -i 's#http:#https:#' /etc/cron.d/*actions
service crond restart
Configure Domain Name
If you have a domain name, replace IP_ADDRESS (which will be your external IP address) with your domain name and regenerate the certificate files with the new information using the command below:
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
Enter the information as requested. In the common name section, enter your domain name.
And restart httpd service
service httpd restart
Cron Actions
If SSL redirection is enabled, ensure that hourly actions are able to access the GUI internally:
wget http://127.0.0.1/billing/callc/hourly_actions
If it does not work, adjust the domain or add --no-check-certificate.
Once the command works, make the same adjustments in /etc/cron.d/mor_hourly_actions, mor_daily_actions and mor_monthly_actions.
!!!DO NOT TEST RUN daily AND monthly ACTIONS MANUALLY!!! Just adjust the cron files, save them and restart the crond service.
Connection is not private Notification
When using a self-signed certificate, you will get a notification that your connection is not private.
To fix this, press Advanced and then Proceed. You will see this message only once from the same Browser/Computer. To avoid this message, you can buy certificates from SSL Providers.
Using your own certificates
If you want to use your own (SSL Provider's) certificates, place the certificate files somewhere on the server and update the following lines in /etc/httpd/conf.d/ssl.conf with the location of those files:
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
Restart apache to apply changes:
service httpd restart
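Before restarting httpd with regenerated or provider-issued files, it helps to confirm that the certificate belongs to the key, is not about to expire, and carries the domain name as its common name. The script below is an added example, not part of the wiki page or of MOR/M2; the function names and the 14-day default are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the wiki page): sanity checks for the files named
# by SSLCertificateFile / SSLCertificateKeyFile before restarting httpd.
# Function names and the 14-day default are assumptions made for this example.

# Succeeds only if the certificate carries the public key of this private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Prints the subject common name (the field the page says to set to the domain).
cert_common_name() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# Usage: check_tls_files CERT KEY HOSTNAME [MIN_DAYS]
check_tls_files() {
    rc=0
    if ! cert_matches_key "$1" "$2"; then
        echo "FAIL: $1 does not match the private key $2"; rc=1
    fi
    if ! cert_valid_for_days "$1" "${4:-14}"; then
        echo "FAIL: $1 is expired or expires within ${4:-14} days"; rc=1
    fi
    cn=$(cert_common_name "$1")
    if [ "$cn" != "$3" ]; then
        echo "FAIL: common name is '$cn', expected '$3'"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 matches $2, CN=$cn"
    return "$rc"
}

# Runs only when arguments are given, e.g.:
#   sh check_tls.sh /etc/httpd/ssl/apache.crt /etc/httpd/ssl/apache.key www.example.com
if [ "$#" -ge 3 ]; then
    check_tls_files "$@"
fi
```

A non-zero exit status means at least one check failed; fix the files before running service httpd restart.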