Overview
If you are moving towards using HTTPS instead of HTTP while accessing the MGR GUI, you should enable HTTPS and disable HTTP. If the end-user wants to use a CA-signed certificate, they should purchase this on their own from a trusted certificate authority.
This article provides step-by-step instructions on how to copy the certificate received from the registration authority and install it to access the MGR GUI.
Process
Step 1: Copying the Certificate
- Collect the certificate from the certificate registration authority. After the certificate request has been approved, the end-user who purchased the CA-signed certificate receives an email from the registration authority containing a link to a location where the certificate can be obtained.
- Clicking on this link brings up a browser window that contains the details of your issued certificate and includes a section that looks like the following:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE----- - Copy everything you see between and including the lines that look like:
-----BEGIN CERTIFICATE----- (and) -----END CERTIFICATE-----
- Paste to the crt file in the MGR node. In the MGR node, as a TextPass user, back up the server.crt file:
$ cp -p /var/TextPass/MGR/conf/ssl/server.crt /var/TextPass/MGR/conf/ssl/server.crt_YYYYMMDD
- Paste the new certificate copied to the server.crt file in the MGR node.
Step 2: Installing the Certificate
- Copy the certificate file (server.crt) to the directory below:
/var/TextPass/MGR/conf/ssl/
- Go to the
/var/TextPass/MGR/conf/ssl/
directory. - Backup the existing server.key file:
$ cp -p server.key server.key_YYYYMMDD
- Generate the server key using the command:
$ openssl genrsa -des3 -out server.key 2048
Output:
Generating RSA private key, 1024 bit long modulus
..................................................................++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: 123456
Verifying - Enter pass phrase for server.key:123456 - Check if the key was created:
$ ls -ltrh /var/TextPass/MGR/conf/ssl/
Step 3: Enabling HTTPS and Disabling HTTP
To enable or disable HTTP or HTTPS, follow these steps as a TextPass user:
- Go to
/var/TextPass/MGR/conf/
. - Back up the existing MGR.conf file:
$ cp -p MGR.conf MGR.conf_YYYYMMDD
- Update the MGR.conf file based on what you want to achieve. If the command line is not commented out, then it is configured to work. :
- To disable, comment the lines of the access you want to disable.
- To enable, comment out the lines.
- As a root user, restart the MGR process to apply the changes:
# systemctl restart mgr
- After the MGR process has fully restarted, test the GUI access based on the changes made.