How can I enable HTTPS support on my OnApp control panel, running on CentOS 6.
All OnApp Versions
Enabling SSL in CentOS can come with a few extra steps. You will need to use the command update-ca-trust, which was not needed in other versions.
Here are the steps required. We are assuming we have plain text certifications to cover all bases, these files could very well already be in place when you go to install. In a nutshell: there are 3 files: Certification, Intermediate/chain, and private key. Cert and private key will just need placed in correct directory, while the chain will have to be appended to a file using the update-ca-trust command. Then we edit the /etc/httpd/conf.d/onapp.conf to point to these files and restart httpd.
1. Create files in these locations, corresponding to the type of file. You should see which type it is by viewing it's contents. You should see something like ----BEGIN PRIVATE KEY----.
Private key -- /etc/pki/tls/private/<file>.key
Certification -- /etc/pki/tls/cert/<file>.crt
Intermediate -- /etc/pki/ca-trust/source/anchors/<file>.crt
2.Once these files are in place you will need to run these two commands to create correct cert file. This command will take all contects on the /etc/pki/ca-trust/source/anchors directory and add them to a file in /etc/pki/tls/cert.
You should now see a file like this: /etc/pki/tls/cert/ca-bundle.crt
3. Edit the /etc/httpd/conf.d/onapp.conf to include these lines. All three should be there, but if they aren't, add them.
4. Restart httpd and check if installed correctly on SSLShopper
service httpd restart;https://www.sslshopper.com/ssl-checker.html
Concerning OnApp upgrades-- make sure appropriate values are set in /onapp/onapp-cp.conf
# OnApp Control Panel SSL certificates (please do not change if you aren't familar with SSL certificates)
# * The data below to generate self-signed PEM-encoded X.509 certificate
SSL_CERT_COMMON_NAME=`hostname --fqdn 2>/dev/null`
# SSLCertificateFile, SSLCertificateKeyFile Apache directives' values
# ssl_certificate, ssl_certificate_key Nginx directives' values
# * PEM-encoded CA Certificate (if custom one exists)
# SSLCACertificateFile, SSLCertificateChainFile Apache directives' values
# ssl_client_certificate Nginx directives' values
# SSLCipherSuite, SSLProtocol Apache directives' values
# ssl_ciphers, ssl_protocols Nginx directives' values
This way /etc/httpd/conf.d/onapp.conf will contain the correct values after an upgrade.