HTTPS, nginx: Install SSL certificate from a Commercial CA

Introduction

IraDialerWeb ships with a self-signed certificate for HTTPS access to its web APIs. This document explains how to replace that self-signed certificate with one issued by a commercial CA. GoDaddy is used as the example CA throughout; the procedure is essentially the same for other commercial CAs.

Prerequisite

To obtain a commercial CA certificate, the server must be reachable under a domain name that you control, because the CA validates that control before issuing the certificate. This document assumes the domain name example.com points at the server in question. Replace example.com with your actual domain name in all the steps below.

Buying and Downloading the certificate

Generating CSR and Private Key

Before purchasing the certificate you need a private key and a CSR (Certificate Signing Request). Generate both on the server itself, so that the private key never leaves it; the CA only ever sees the CSR, whose content you will be asked to paste into the order form.

First, create a folder for the certificate files. Everything below writes to /etc/nginx, so run these commands as root (or prefix each with sudo).

mkdir /etc/nginx/ssl
cd /etc/nginx/ssl

Then generate a 2048-bit RSA private key named example.com.key and a CSR named example.com.csr. The -nodes option leaves the key unencrypted, which nginx needs in order to start without a passphrase prompt.

openssl req -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

You will be prompted for several fields that go into the certificate request. The important one is the Common Name, which should be the name you want to use the certificate for: example.com, www.example.com, or (for a wildcard certificate request) *.example.com. Note that browsers today validate the Subject Alternative Name (SAN) extension rather than the Common Name; commercial CAs fill the SANs from the names you select in the order form, so make sure the order covers every name (for example both example.com and www.example.com) under which IraDialerWeb will be reached.

This will generate two files:

  • example.com.key : The private key.

  • example.com.csr : The CSR file.

Now you can purchase the certificate. During the order you will have to paste the content of the CSR file into the CA's request form. Print it with the command below.

cat example.com.csr

Download Certificate

The CA will now verify that you control the domain. In the case of GoDaddy, you receive an email as soon as the certificate has been issued, with a link to download it. Select Apache from the server type dropdown menu and download the zip archive. It should contain two .crt files:

  • Your SSL Certificate with a random name (Ex. 93rfs8dhf834hts.crt)

  • The GoDaddy intermediate certificate bundle (gd_bundle-g2-g1.crt)

Rename the first one to example.com.crt and the second one to intermediate.crt.

Note: Some commercial CAs also offer to generate the CSR and the private key for you in their web portal. Prefer generating them on the server as described above: a key generated in a portal is created and, at least briefly, held by a third party, and then travels over the network to you. If you do use that option, make sure the bundle you download from the portal includes the private key as well as the certificate files, and delete any copies of the key outside the server afterwards.

The certificate is now ready to be installed on the web server.

Install Certificate On Web Server

File and permissions

Copy example.com.crt and intermediate.crt into the folder you created before, alongside the private key:

cd /etc/nginx/ssl

With nginx, if your CA includes an intermediate certificate, you must create a single chained certificate file that contains your certificate followed by the CA's intermediate certificates. The order matters: nginx uses the first certificate in the file as the server certificate and sends the rest to clients as-is. If the intermediate comes first, nginx refuses to start because the first certificate does not match the private key; if the intermediate is left out, clients that do not fetch missing intermediates themselves (curl, many mobile and API clients) reject the connection even though a desktop browser may still show a green lock.

You can use this command to create a combined file called example.com.chained.crt:

cat example.com.crt intermediate.crt > example.com.chained.crt

The key and certificate files must be plain ASCII PEM text. OpenSSL already writes them that way, so nothing needs to be done for a key generated with the command above. A key that was pasted through an editor or downloaded from a CA portal may, however, have picked up a UTF-8 byte order mark or other non-ASCII bytes, which make nginx fail with a "no start line" style error. In that case strip the non-ASCII bytes into a new file and replace the original. Never redirect the output of iconv back into the file it is reading (as in ">> example.com.key"): the command would then read its own output and corrupt the key.

iconv -c -f UTF-8 -t ASCII example.com.key > example.com.key.tmp && mv example.com.key.tmp example.com.key


Now restrict access to the folder. nginx reads the key as root when it starts or reloads, so root-only permissions are sufficient. The directory needs mode 700 rather than 600 (a recursive chmod 600 would also strip the directory's execute bit, which is what makes it traversable), and the files inside get 600:

cd /etc/nginx
sudo chown -R root:root ssl/
sudo chmod 700 ssl/
sudo chmod 600 ssl/*

Update the configuration

Create a configuration snippet with the paths of the files from the previous step. Since this example uses a GoDaddy certificate, the file is named godaddy.conf:

sudo nano /etc/nginx/snippets/godaddy.conf

The content of the file based on our previous steps will be:

ssl_certificate /etc/nginx/ssl/example.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;


Adjust the file name and the paths to match your CA and your domain name.


Now make the IraDialerWeb site in nginx use godaddy.conf instead of self-signed.conf:

sudo nano /etc/nginx/sites-enabled/iraDialer


Change the line below:

Before

include snippets/self-signed.conf;

After

include snippets/godaddy.conf;


The configuration is complete. Test it first, so that a wrong path or a key/certificate mismatch is reported before anything is touched, then reload nginx; a reload picks up the new certificate without dropping connections in progress, which a restart would do.

sudo nginx -t && sudo service nginx reload
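After the reload, check what the server actually sends to clients rather than what the files contain. The classic mistake of pointing ssl_certificate at example.com.crt instead of example.com.chained.crt looks fine in a desktop browser, which fetches the missing intermediate itself, and fails in curl, API clients and many mobile apps. The script below is an added example for this guide, not part of IraDialerWeb or nginx; it runs openssl s_client against the live server. The function names, the optional connect address and the optional trust-anchor argument are this example's own; with a commercial CA certificate you run it as "sh check_served_chain.sh example.com" and let it verify against the system trust store.

```shell
#!/bin/sh
# Added example (not part of IraDialerWeb): inspect the certificate chain nginx
# serves after the reload, the way a client sees it. Needs only the openssl CLI.
#   sh check_served_chain.sh example.com [127.0.0.1:443] [root-ca.pem]
# CONNECT defaults to HOST:443; use 127.0.0.1:443 while DNS does not yet point at
# this box. ROOT is an optional trust-anchor file; the default is the system store,
# which is what applies for a commercial CA such as GoDaddy.
set -eu

# Everything the server sent during a handshake with SNI=HOST, including every
# certificate in PEM. No verification here; that is a separate check below.
served_pem() {
    openssl s_client -connect "$2" -servername "$1" -showcerts </dev/null 2>/dev/null || true
}

# The handshake must pass OpenSSL's chain verification; -verify_return_error turns a
# verification failure (for example a missing intermediate) into a failed handshake.
chain_verifies_from_server() {
    if [ -n "${3:-}" ]; then
        openssl s_client -connect "$2" -servername "$1" -verify_return_error -CAfile "$3" \
            </dev/null >/dev/null 2>&1
    else
        openssl s_client -connect "$2" -servername "$1" -verify_return_error \
            </dev/null >/dev/null 2>&1
    fi
}

# Number of certificates the server sent. 0 means no handshake at all; 1 means only
# example.com.crt was configured instead of example.com.chained.crt.
served_cert_count() {
    served_pem "$1" "$2" | grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

# The first certificate sent must be valid for HOST (openssl x509 parses only the
# first PEM block in its input, which is certificate 0 of the served chain).
served_leaf_is_for_host() {
    served_pem "$1" "$2" | openssl x509 -noout -checkhost "$1" 2>/dev/null | grep -q 'does match'
}

# HOST [CONNECT] [ROOT]: run all checks and explain the first failure.
check_served() {
    host=$1; connect=${2:-$1:443}; root=${3:-}
    n=$(served_cert_count "$host" "$connect")
    [ "$n" -ge 1 ] || { echo "FAIL: no TLS handshake with $connect" >&2; return 1; }
    served_leaf_is_for_host "$host" "$connect" \
        || { echo "FAIL: certificate served at $connect is not for $host" >&2; return 1; }
    [ "$n" -ge 2 ] \
        || { echo "FAIL: server sent only the leaf certificate; intermediate missing" >&2; return 1; }
    chain_verifies_from_server "$host" "$connect" "$root" \
        || { echo "FAIL: chain served by $connect does not verify" >&2; return 1; }
    echo "OK: $connect serves a $n-certificate chain valid for $host"
}

if [ $# -ge 1 ]; then
    check_served "$@"
fi
```

Run it from a second machine as well as from the server itself: a passing check against 127.0.0.1 says nothing about the firewall or about DNS pointing at the right address.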