Overview
The ssl-folder contains configuration files and scripts for HTTPS certificates, to ensure the security of the DINGO-Stack web services.
A CA (certificate authority), is an entity that issues digital certificates, signed by its root CA certificate. It acts as a trusted third party, between the owner of a certificate and the party relying upon the certificate.
The root CA certificate is already generated when the DINGO-Stack is installed. It consists of two files: the private DinGoCA.key and the public DinGoCA.pem.
It could be that the user has its own root CA certificate, that it wants to use. In that case the user should follow these steps:
- That a backup of the existing DinGoCA.key and DinGoCA.pem files.
- Copy the users private key and public certificate in PEM-format to the ssl-folder.
- Rename the users files to DinGoCA.key and DinGoCA.pem.
- Restart the DINGO device.
When the DINGO device boots, it will acquire an IP-address. The boot sequence will automatically create a HTTPS certificate, based on the IP, by executing the rn_auto_create_self_signed_for_ip.sh script, within rc.local.
If the HTTPS certificate shall also be adapted to the other IP´s, like the public IP of a router, and hostnames, then they can be added to openssl.cnf.
It could be that the user has its own HTTPS certificate, that it wants to use. In that case the user should follow these steps:
- Copy the HTTPS certificate files (.key and .crt) to the ssl-folder. Give them distinctive names.
- Go to HTTP setup within the DINGO-Manager and enter the SSL certificate management.
- Enter the path and names of the private key and certificate file, in the fields in the bottom of the window. Then save the changes in the DINGO-Manager.
- Restart the DINGO device.