Summary
How to create and install self-signed Apache certificate on Electric CloudBees CD (CloudBees Flow) server.
Solution
-
Generate a Private Key
For such needs openssl tool can be used.
openssl genrsa –des3 –out server.key 2048
command above allow you to create your RSA Private Key, during the execution you’ll be prompted to enter a pass phrase for your key.
output of the command:
Generating RSA private key, 2048 bit long modulus ...............................+++ ..................................................+++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key:
-
Generate a Certificate Signing Request
After private key is generated Certificate Signing Request can be generated.
openssl req -new -key server.key -out server.csr
You will be prompted for next information to input:
Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []: Email Address []:
This CSR can be sent to Certificate Authority, who will verify identity of the requestor and issue a signed certificate_ _. |
-
Remove Passphrase from key
By removing passphrase from certificate, we allow apache to not to ask it each time the service is started.
cp server.key server.key.org openssl rsa -in server.key.org -out server.key
-
Generate Self-signed Certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
-
Backup your original Private Key and certificate
mv /opt/electriccloud/electriccommander/apache/conf/server.crt /opt/electriccloud/electriccommander/apache/conf/server.crt.orig mv /opt/electriccloud/electriccommander/apache/conf/server.csr /opt/electriccloud/electriccommander/apache/conf/server.csr.orig mv /opt/electriccloud/electriccommander/apache/conf/server.key /opt/electriccloud/electriccommander/apache/conf/server.key.orig
-
Copy newly generated Private Key and certificate
cp server.crt /opt/electriccloud/electriccommander/apache/conf cp server.csr /opt/electriccloud/electriccommander/apache/conf cp server.key /opt/electriccloud/electriccommander/apache/conf
Please make sure that these files have the same owner as all other files in electriccommander folder:
ls -la /opt/electriccloud/electriccommander/apache/conf/ total 272 drwxr-xr-x 3 build build 4096 Jul 3 19:22 . drwxr-xr-x 12 build build 4096 Jul 10 14:17 .. drwxr-xr-x 2 build build 4096 Jul 3 19:22 conf.d -rw-r--r-- 1 build build 26207 Jul 3 19:22 httpd.conf -rw-rw-rw- 1 build build 26211 Jul 3 19:22 httpd.conf.orig -rw-r--r-- 1 build build 12958 Sep 13 2016 magic -rw-r--r-- 1 build build 53011 Sep 13 2016 mime.types -rw-r--r-- 1 build build 42250 Jul 3 19:22 php.ini -rw-rw-rw- 1 build build 42261 Jul 3 19:22 php.ini.orig -rw-r--r-- 1 build build 875 Jul 3 19:22 server.crt -rw-r--r-- 1 build build 769 Jul 3 19:22 server.csr -r-------- 1 build build 887 Jul 3 19:22 server.key -rw-r--r-- 1 build build 534 Jul 3 19:22 serverssl.cnf -rw-r--r-- 1 build build 12410 Jul 3 19:22 ssl.conf -rw-rw-rw- 1 build build 12417 Jul 3 19:22 ssl.conf.orig
-
Restart commanderApache.
/etc/init.d/commanderApache stop /etc/init.d/commanderApache start