Featured case study
EDGE Manager quick start guide
- Product documentation
- Inseego 5G SD EDGE™
- EDGE Manager quick start guide
Provision SSL certificate
root@myem# mkdir /ssl root@myem# mkdir /ssl/certs root@myem# cd /ssl/certs
Commercial or Enterprise CA
Provide CSR to CA.
root@myem# openssl req -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.csr root@myem# cat nginx-selfsigned.csr
Upload signed certificate into /ssl/certs.
Put signed certificate into DER, Base-64 encoded form and save it as nginx-selfsigned.crt.
root@myem# openssl x509 -outform der -in mycert.pem -out nginx-selfsigned.crt
NOTE: You may have to include the root & intermediate certificates.
root@myem# cat caroot.crt cainter.crt mycert.crt > nginx-selfsigned.crt
Let’s Encrypt CA (not recommended for production)
Prepare the host:
root@myem# mkdir /letsencrypt root@myem# mkdir /root/ssl-letsencrypt root@myem# nano /root/ssl-letsencrypt/nginx.conf
Paste in these contents and replace the domain “my-em.mydomain.com” with your domain:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
#include /etc/nginx/conf.d/*.conf;
events {
worker_connections 1024;
}
http {
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name my-em.mydomain.com;
location /.well-known/acme-challenge/ {
root /letsencrypt;
}
location / {
gzip off;
root /usr/share/nginx/html/;
index index.html;
}
}
}TIP: Use CTRL-O to save, CTRL-X to exit, and Return to accept prompts at the bottom of the screen.
Start NGINX container:
root@myem# docker run -it -d --name nginx -v /root/ssl-letsencrypt/nginx.conf:/etc/nginx/nginx.conf -v /letsencrypt:/letsencrypt -v /letsencrypt/certs:/etc/letsencrypt -p 80:80 -p 443:443 nginx
Obtain Certbot container:
root@myem# cp -r /home/ma-admin/.aws /root/ root@myem# aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 836891784212.dkr.ecr.us-west-2.amazonaws.com
Start Certbot container’s shell:
root@myem# docker run -it --rm --name certbot -v /letsencrypt:/letsencrypt -v /letsencrypt/certs:/etc/letsencrypt 836891784212.dkr.ecr.us-west-2.amazonaws.com/longship:certbot bash
Request certificate from Let’s Encrypt.
root@randomhexstring# certbot certonly --webroot –webroot-path /letsencrypt --no-eff-email --email [email protected] --domain my-em.mydomain.com
Clean up:
root@myem# exit root@myem# docker kill nginx root@myem# docker rm nginx
Copy certificates and key:
root@myem# cd /ssl/certs root@myem# cp /letsencrypt/certs/archive/*/* ./ root@myem# cp fullchain1.pem nginx-selfsigned.crt root@myem# cp privkey1.pem nginx-selfsigned.key