How to configure an SSL Certificate and Key for a vFunction Server



Overview

A vFunction Server can be configured to add an SSL Certificate to the vFunction frontend Container (vfunction-nginx) or to terminate SSL at a Load Balancer in front of the vFunction Server’s Containers. The steps below illustrate how to create a certificate, whether third-party-signed or self-signed, to add to the vfunction-nginx Container. Alternatively, see How To Terminate SSL on a Load Balancer in front of the vFunction Server.


Create a Certificate Authority-signed SSL Certificate and Key for the vFunction Server

Take the following steps to generate a Certificate Authority-signed certificate and key for the vFunction Server:

  1. Generate a Certificate Signing Request and Key for the vFunction Server
Root / Sudo Installation Package
sudo openssl req -new -newkey rsa:2048 -nodes -keyout /etc/sysconfig/vfunction/nginx/certs/server.key -out /etc/sysconfig/vfunction/nginx/certs/server.csr
Sudoless Installation Package
### Replace VFUNCTION_BASE_INSTALL_DIR with the actual path
sudo openssl req -new -newkey rsa:2048 -nodes -keyout VFUNCTION_BASE_INSTALL_DIR/vfunction/etc/sysconfig/vfunction/nginx/certs/server.key -out VFUNCTION_BASE_INSTALL_DIR/vfunction/etc/sysconfig/vfunction/nginx/certs/server.csr
  2. Provide the Certificate Authority with the Certificate Signing Request. The returned Certificate needs to be a PEM file (a text file containing one or more certificates forming a complete chain of trust in Base64 ASCII encoding, each with plain-text headers and footers [e.g. -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----]).
  3. Rename the PEM certificate file to server.crt and move it to the vFunction Server
Root / Sudo Installation Package
mv server.crt /etc/sysconfig/vfunction/nginx/certs/server.crt
Sudoless Installation Package
### Replace VFUNCTION_BASE_INSTALL_DIR with the actual path
mv server.crt VFUNCTION_BASE_INSTALL_DIR/vfunction/etc/sysconfig/vfunction/nginx/certs/server.crt
  4. Run the vFunction Installation or Upgrade Script
Root / Sudo Installation Package
sudo bash /opt/vfunction/server-installation/install.sh
Sudoless Installation Package
### Replace VFUNCTION_BASE_INSTALL_DIR with the actual path
bash VFUNCTION_BASE_INSTALL_DIR/vfunction/opt/vfunction/server-installation/install.sh

Create a Self-Signed Certificate and Key for the vFunction Server

Take the following steps to create a self-signed certificate and key for the vFunction Server:

  1. Unpack the vFunction Server Installation TGZ
Root / Sudo Installation Package
### Replace VERSION with the actual version
sudo tar -Pxvzf vfunction-server-installation-vVERSION.tgz
Sudoless Installation Package
sudo tar -xvzf vfunction-server-sudo-less-installation-vVERSION.tgz
  2. Create the Certificate and Key
Root / Sudo Installation Package
sudo openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /etc/sysconfig/vfunction/nginx/certs/server.key -out /etc/sysconfig/vfunction/nginx/certs/server.crt
Sudoless Installation Package
### Replace VFUNCTION_BASE_INSTALL_DIR with the actual path
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout VFUNCTION_BASE_INSTALL_DIR/vfunction/etc/sysconfig/vfunction/nginx/certs/server.key -out VFUNCTION_BASE_INSTALL_DIR/vfunction/etc/sysconfig/vfunction/nginx/certs/server.crt
  3. Run the Installation / Upgrade Script
Root / Sudo Installation Package
sudo bash /opt/vfunction/server-installation/install.sh
Sudoless Installation Package
### Replace VFUNCTION_BASE_INSTALL_DIR with the actual path
bash VFUNCTION_BASE_INSTALL_DIR/vfunction/opt/vfunction/server-installation/install.sh
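
Both procedures above end by running install.sh against whatever server.crt and server.key are in the certs directory. The script below is an added example, not part of vFunction's documentation or tooling, that checks such a pair first: the certificate matches the key, it is not about to expire, and the unencrypted key is not accessible to other users. The function names, the 30-day default, the demo CN and the permission rule are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for server.crt / server.key before install.sh.
# Usage as a script: bash check_cert_pair.sh CERT KEY [MIN_DAYS]

# check_cert_pair CERT KEY [MIN_DAYS] -> returns 0 only if every check passes.
check_cert_pair() {
    cert=$1; key=$2; min_days=${3:-30}; rc=0

    # 1. The certificate must contain the public half of this private key;
    #    nginx refuses to load a mismatched pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot parse certificate $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot parse private key $key"; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and key do not belong together"; rc=1
    fi

    # 2. -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days"; rc=1
    fi

    # 3. -nodes writes the key unencrypted, so file permissions are what protect it.
    #    Assumption: "other" users need no access to the key file.
    if [ "$(ls -ld "$key" | cut -c8-10)" != "---" ]; then
        echo "FAIL: $key is accessible to other users"; rc=1
    fi

    # 4. A CA-issued PEM normally carries the chain; report how many certs it holds.
    echo "INFO: $(grep -c 'BEGIN CERTIFICATE' "$cert") certificate(s) in $cert"
    return $rc
}

# make_demo_pair DIR -> throwaway self-signed pair (constructed sample input).
make_demo_pair() {
    mkdir -p "$1" &&
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=vfunction.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    chmod 600 "$1/server.key"
}

# Check a real pair only when paths are given on the command line.
if [ "$#" -ge 2 ]; then check_cert_pair "$@"; fi
```

Run it against the certs directory for your installation type before install.sh; a non-zero exit status means at least one check failed.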