5G SD EDGE Manager quick start guide
- Product documentation
- Inseego 5G SD EDGE™
- Global
- EDGE Manager quick start guide
Provision SSL certificate
[email protected]# mkdir /ssl [email protected]# mkdir /ssl/certs [email protected]# cd /ssl/certs
Commercial or Enterprise CA
Provide CSR to CA.
[email protected]# openssl req -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.csr [email protected]# cat nginx-selfsigned.csr
Upload signed certificate into /ssl/certs.
Put signed certificate into DER, Base-64 encoded form and save it as nginx-selfsigned.crt.
[email protected]# openssl x509 -outform der -in mycert.pem -out nginx-selfsigned.crt
NOTE: You may have to include the root & intermediate certificates.
[email protected]# cat caroot.crt cainter.crt mycert.crt > nginx-selfsigned.crt
Let’s Encrypt CA (not recommended for production)
Prepare the host:
[email protected]# mkdir /letsencrypt [email protected]# mkdir /root/ssl-letsencrypt [email protected]# nano /root/ssl-letsencrypt/nginx.conf
Paste in these contents and replace the domain “my-em.mydomain.com” with your domain:
user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; #include /etc/nginx/conf.d/*.conf; events { worker_connections 1024; } http { include /etc/nginx/conf.d/*.conf; include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; server { listen 80; server_name my-em.mydomain.com; location /.well-known/acme-challenge/ { root /letsencrypt; } location / { gzip off; root /usr/share/nginx/html/; index index.html; } } }
TIP: Use CTRL-O to save, CTRL-X to exit, and Return to accept prompts at the bottom of the screen.
Start NGINX container:
[email protected]# docker run -it -d --name nginx -v /root/ssl-letsencrypt/nginx.conf:/etc/nginx/nginx.conf -v /letsencrypt:/letsencrypt -v /letsencrypt/certs:/etc/letsencrypt -p 80:80 -p 443:443 nginx
Obtain Certbot container:
[email protected]# cp -r /home/ma-admin/.aws /root/ [email protected]# aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 836891784212.dkr.ecr.us-west-2.amazonaws.com
Start Certbot container’s shell:
[email protected]# docker run -it --rm --name certbot -v /letsencrypt:/letsencrypt -v /letsencrypt/certs:/etc/letsencrypt 836891784212.dkr.ecr.us-west-2.amazonaws.com/longship:certbot bash
Request certificate from Let’s Encrypt.
[email protected]# certbot certonly --webroot –webroot-path /letsencrypt --no-eff-email --email [email protected] --domain my-em.mydomain.com
Clean up:
[email protected]# exit [email protected]# docker kill nginx [email protected]# docker rm nginx
Copy certificates and key:
[email protected]# cd /ssl/certs [email protected]# cp /letsencrypt/certs/archive/*/* ./ [email protected]# cp fullchain1.pem nginx-selfsigned.crt [email protected]# cp privkey1.pem nginx-selfsigned.key