Configuring SSL Certificates


> **Info:** This tutorial is written for setting up pufferd instances with SSL. However, for the most part the process is similar for your web server, and tutorials for that can easily be found online.

Using SSL certificates is strongly recommended for both pufferd and PufferPanel, because of the nature of some of the data transmitted across both services.

## Signing Authorities

* [Digicert](https://www.digicert.com)
* [Comodo](https://ssl.comodo.com)
* [Thawte](https://www.thawte.com/ssl/)
* [Symantec](http://www.symantec.com/ssl-certificates/)
* [Geotrust](https://www.geotrust.com/ssl/)
* [RapidSSL](https://www.rapidssl.com)

## Signed Certificates

Generating a signed certificate is recommended for anyone who is running PufferPanel in a live environment. The first thing we need to do is generate a *Certificate Signing Request (CSR)*, which we will provide to our signing authority.

```shell
# Work in the pufferd data folder so the key is created where pufferd expects it
cd /etc/pufferd
# Create a new 4096-bit RSA key (https.key) and a CSR for it (yourdomain.csr).
# -nodes writes the private key to disk without a passphrase.
openssl req -new -newkey rsa:4096 -nodes -keyout https.key -out yourdomain.csr
```

This should output something similar to this:

```text
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PufferPanel
Organizational Unit Name (eg, section) []:SSL
Common Name (e.g. server FQDN) []:example.yourdomain.tld
Email Address []:email@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
```

> **Danger:** It is critically important that you fill out this CSR with correct information. When it asks for `Common Name (e.g. server FQDN) []:` you must enter the Fully Qualified Domain Name (e.g. `pufferd.example.com`), or the request will fail and the certificate will be invalid. Do **not** enter an IP address here; it **must** be an FQDN.

After this, you will need to provide the CSR to your signing authority, which will guide you through some additional steps and generate your certificate for you. You can run `cat yourdomain.csr` to output the request.

Once your request has been approved and you have the key and pem, place those files (named `https.key` and `https.pem`) into the pufferd data folder (`/etc/pufferd`) and restart pufferd. At this point, please also make sure that your node's public IP is set to the FQDN (e.g. `pufferd.example.com`).

After doing this you should be able to start pufferd, and your instance will be accessible over a secure connection. You will need to tell your computer to trust this certificate when viewing the webpage, and if the information above is filled out incorrectly, PufferPanel will be unable to connect to pufferd.
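
The checks below cover the mistakes this tutorial warns about (an IP address as Common Name, files that do not belong together) plus the file mode of the unencrypted key. This is an added example, not part of the original tutorial or the PufferPanel project; the function names are hypothetical and the file names follow the tutorial. Run it once after creating the CSR, and again with `https.pem` as the third argument before restarting pufferd.

```shell
#!/bin/sh
# Added example (hypothetical function names): pre-flight checks for the
# tutorial's files. Usage: sh check.sh https.key yourdomain.csr [https.pem]

# Print the Common Name stored in a CSR ($1).
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only for a dotted host name; reject IP literals and bare names.
is_fqdn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;  # empty, ':' or other bad chars, stray dots
        *.*) ;;                                      # needs at least one dot
        *) return 1 ;;
    esac
    case "${1##*.}" in
        *[!0-9]*) return 0 ;;   # last label is not purely numeric
        *) return 1 ;;          # all-numeric last label: IPv4 literal
    esac
}

# Succeed when the private key ($1) and the CSR or certificate ($2) hold the
# same public key. $3 is the openssl subcommand for $2: "req" or "x509".
same_public_key() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl "$3" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed when "other" users have no access to the key file ($1).
# -nodes left the key unencrypted, so file mode is its only protection.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# $1 = key, $2 = CSR, $3 = issued certificate (optional).
check_pufferd_tls() {
    cn=$(csr_common_name "$2")
    is_fqdn "$cn" || { echo "CSR Common Name '$cn' is not a FQDN" >&2; return 1; }
    same_public_key "$1" "$2" req || { echo "$2 was not generated from $1" >&2; return 1; }
    key_is_private "$1" || { echo "$1 is accessible to other users" >&2; return 1; }
    if [ -n "${3:-}" ]; then
        same_public_key "$1" "$3" x509 || { echo "$3 does not match $1" >&2; return 1; }
    fi
    echo "ok: $cn"
}

if [ "$#" -ge 2 ]; then check_pufferd_tls "$@"; fi
```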