Create Local SSL Certificate (Untrusted)

For debugging and testing, setting up a local SSL certificate on a staging system can be useful for various scenarios:

Copy and paste nodes between streams (available only when SSL is activated)
Export and import streams without needing to adjust potential HTTPS endpoints
Use encrypted communication for secure data transfer

Note: The drawback is that the certificate won't be trusted by a root authority.

Prerequisites

Establish an SSH connection to the Helmut4 server:

# Ensure OpenSSL is installed/available
sudo apt-get update
sudo apt-get install openssl -y

Generate a Certificate Signing Request (CSR) using the key:
```
openssl req -new -key server.key -out server.csr
```
During this process, you'll be prompted to enter information about your organization. Make sure to enter fusion-helmut as the Common Name (CN) when prompted:
- Country Name: Enter your two-letter country code (e.g., US).
- State or Province Name: Enter your state or province name.
- Locality Name: Enter your city.
- Organization Name: Enter your organization’s name.
- Organizational Unit Name: Enter your department.
- Common Name: Enter fusion-helmut (this is important as it matches the DNS name).
- Email Address: Enter your email address.
You can leave the other fields (Challenge Password, etc.) blank.

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The certificate will be valid for 365 days.

cd /root/certs
openssl x509 -in server.crt -text -noout

Please refer to this documentation: Enable https mode

Last updated 2 months ago