DGLux Server SSL (HTTPS)

Ilya Tsarev edited this page Jul 31, 2020 · 1 revision

How to configure HTTPS connection for DGLux Server

Open server.json in the server's root folder. Change the following settings to disable the default HTTP port, and make sure the HTTPS port is present.

"port": 0,
"httpsPort": 443,

We set the default port to 0 so that DGLux Server doesn't listen on that port at all. This way, the only way to access the DGLux web UI is over an SSL connection to the HTTPS port. Another way to achieve that is to use a redirect. However, this requires installing an NGINX proxy in front of the DGLux Server.

Restart the server after the changes.

DGLux Server automatically generates self-signed certificates when first started, so no additional setup is required for your testing environment. However, if you'd like to use trusted certificates issued by a third-party provider, follow the instructions below.

Install SSL certificates for DGLux Server

You will need two PEM files:

  • A file that contains all certificates from the root authority of your certificate.
  • A file that contains your encrypted private key.

Place these files in the certs directory of your DGLux Server installation (the dglux-server folder). If you do not have a certs directory, create it.

Configure the following in your server.json file, filling in the correct details:

  "certName": "certificate.pem",
  "certKeyName": "key.pem",
  "certPassword": "mypassword",

The configuration above looks for the certificate file at dglux-server/certs/certificate.pem and the key file at dglux-server/certs/key.pem, and decrypts the private key with the password mypassword.
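
A preflight check for the settings described above, as an added example (not DGLux or DSA project code): it confirms the HTTP port is disabled, the HTTPS port is set, the PEM files named in server.json exist, the key is encrypted, and the files holding the key and its password are owner-only. The function names, the owner-only permission rule (POSIX hosts) and the sample tree with placeholder PEM bodies are assumptions of this example, and the server may parse server.json less strictly than Python does.

```python
import json, stat, tempfile
from pathlib import Path
ENCRYPTED = ("BEGIN ENCRYPTED PRIVATE KEY", "Proc-Type: 4,ENCRYPTED")
DOC_PASSWORDS = (None, "", "mypassword", "password")  # values shown on this page

def check_dglux_tls(root):
    """Return findings for <root>/server.json and the PEM files it names."""
    root = Path(root)
    cfg_path = root / "server.json"
    cfg = json.loads(cfg_path.read_text())
    out = []
    if cfg.get("port") != 0:
        out.append("port is not 0: plain HTTP listener still enabled")
    if not cfg.get("httpsPort"):
        out.append("httpsPort missing or 0")
    if cfg.get("certPassword") in DOC_PASSWORDS:
        out.append("certPassword empty or a documentation value")
    cert = root / "certs" / str(cfg.get("certName", ""))
    key = root / "certs" / str(cfg.get("certKeyName", ""))
    if not (cert.is_file() and "BEGIN CERTIFICATE" in cert.read_text(errors="replace")):
        out.append("certName does not point at a PEM certificate file")
    if not key.is_file():
        out.append("certKeyName does not point at a file")
    elif not any(m in key.read_text(errors="replace") for m in ENCRYPTED):
        out.append("private key PEM is not encrypted")
    # server.json holds the key password in clear text, so it needs the
    # same owner-only permissions as the key itself (POSIX mode bits).
    for p in (cfg_path, key):
        if p.is_file() and stat.S_IMODE(p.stat().st_mode) & 0o077:
            out.append(f"{p.name} is accessible to group/others")
    return out

def demo():
    """Build a constructed install tree (placeholder PEM bodies) and check it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "certs").mkdir()
        cfg = {"port": 8080, "httpsPort": 443, "certName": "certificate.pem",
               "certKeyName": "key.pem", "certPassword": "mypassword"}
        (root / "server.json").write_text(json.dumps(cfg))
        pem = "-----BEGIN {0}-----\n(constructed)\n-----END {0}-----\n"
        (root / "certs" / "certificate.pem").write_text(pem.format("CERTIFICATE"))
        (root / "certs" / "key.pem").write_text(pem.format("PRIVATE KEY"))
        (root / "server.json").chmod(0o644)
        (root / "certs" / "key.pem").chmod(0o600)
        return check_dglux_tls(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run it against the real installation with check_dglux_tls("/path/to/dglux-server"); an empty list means none of the checks fired.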


On November 23rd of 2015, the system that is used for SSL changed.

Servers installed before November 23rd, 2015

Go to your DGLux Server installation folder. Normally it is located in: /opt/dsa/dglux-server/

Certificate generation requires certutil. On Ubuntu, install it, then create the certificate database and a self-signed certificate:

apt-get install libnss3-tools
cd /opt/dsa/dglux-server/
mkdir certs
cd certs
certutil -N -d 'sql:./'
certutil -S -s 'CN=YourOwnCertificateName' -n 'Certificate Description' -x -t 'C,C,C' -m 1000 -v 9 -d 'sql:./' -k rsa -g 2048

In your server.json, set certName to CN=YourOwnCertificateName and certPassword to the NSS database password.

{
  "certName": "CN=YourOwnCertificateName",
  "certPassword": "password"
}

Add an existing certificate with a private key

Convert PEM to PKCS#12

openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CAcert.crt

Add the key to a database with pk12util

pk12util -i server.pfx -d /path/to/database -W password
