SSL Certificates

Create Certificate Request Certificates are free for *.ncsa.illinois.edu domains On the machine you are requesting an SSL, run the following command: openssl req -nodes -newkey rsa:4096 -sha256 -keyout myserver.ncsa.illinois.edu.key -out myserver.ncsa.illinois.edu.csr Can be rsa:2048 for web server, but I think it’s only good for 1 year

Certificate Request (2) Field Field Value Organization University of Illinois Organizational Unit (or Department) NCSA Locality Urbana State/Province IL Country (2 character ISO code) US Common Name covercrop.ncsa.Illinois.edu Mail the CSR to help+ca@ncsa.illinois.edu to create a ticket, the KEY file is the private key!

Installing the Certificates You should install both the primary and intermediate certificates Primary: X509 Certificate only, Base64 encoded Intermediate: X509 Intermediates/root only, Base64 encoded You should have two files, myserver_cert.cer and myserver_interm.cer Copy the files to your server and cat the files for f in *.cer; do (cat "${f}"; echo) >> nginx.crt; done Copy nginx.crt and the original private KEY file to /etc/ssl

Configure NGINX For NGINX, edit /etc/nginx/sites-enabled/your-site If you don’t already have it, you will need to add a server block for SSL server { listen 443; ssl on; ssl_certificate /etc/ssl/nginx.crt ssl_certificate_key /etc/ssl/nginx.key etc } Backup the email/certs in lastpass

SSL Request Resources https://wiki.ncsa.illinois.edu/display/ITS/SSL+Certificates https://wiki.ncsa.illinois.edu/display/cybersec/NCSA+Certificate+Re quests