A valid SSL certificate is required to use the HTTPS protocol. An SSL certificate contains authentication information that helps to encrypt and secure communications.
The certificate plays a key role in constructing a secure project as it ensures the security of communications between clients and servers.
This article describes how to configure an SSL certificate for FineOps through simple operations on front-end pages to meet the requirement of accessing FineOps via HTTPS.
This ensures that FineOps uses a secure communication protocol and protects user data with encryption.
Before configuring the certificates, you must first apply for the certificate for the server where FineOps is hosted.
You must purchase the certificate yourself from a CA vendor. Certificates are usually authenticated by internationally recognized certificate authorities (CAs) such as VeriSign and GlobalSign.
The relevant documents and requirements for the certificate are described in the following table.
Prepare the certificate.
Prepare a CRT or PEM certificate. (Nginx only supports these two formats.)
Prepare the private key file corresponding to the certificate.
The filename extension must be .key.
1. Confirm correspondence between the domain name and the certificate.
Upload the certificate to the machine with a JDK environment installed and navigate to the certificate directory.
Use the following command to print the certificate information.
keytool -printcert -file Certificate name.pem
Confirm the domain name bound to the certificate, which is the value after Owner: CN in the returned value.
2. Confirm correspondence between the domain name and the IP address.
Ensure the domain name of the certificate resolves to the IP address of the FineOps server.
As operations on different servers may vary, FanRuan does not provide instructions for this operation. Contact your server vendor for assistance.
After successful resolution, you (as the admin) can use the following command to verify if the returned IP address is correct.
ping Domain name
Prepare an available port on the FineOps server for subsequent access to FineOps.
Ensure that the port is open in the firewall and is accessible.
Use the default HTTPS port 443 if you want to access FineOps through the domain name without adding a port number.
This document uses the port 443 for illustration.
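The certificate requirements above (file format, private key corresponding to the certificate, domain name bound to the certificate) can be checked in one pass before upload, which matters because enabling SSL restarts the Nginx component. The script below is an added example, not part of FineOps or the original page. It uses the openssl command line instead of keytool, and its function names and the domain ops.example.test are hypothetical.

```shell
#!/bin/sh
# Added example (not FineOps code): pre-upload check of a certificate/key pair.
# Assumes the openssl CLI; function names and ops.example.test are hypothetical.

# check_pair CERT KEY DOMAIN: prints each failure, returns 0 only if all pass.
check_pair() {
    cert=$1 key=$2 domain=$3 rc=0

    # File formats the page requires: CRT or PEM certificate, .key private key.
    case $cert in *.crt|*.pem) ;; *) echo "FAIL: certificate must be .crt or .pem"; rc=1 ;; esac
    case $key in *.key) ;; *) echo "FAIL: private key must end in .key"; rc=1 ;; esac

    # The private key must correspond to the certificate: compare the public
    # key stored in the certificate with the one derived from the key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not correspond to the certificate"; rc=1
    fi

    # The domain must be covered by the certificate (SAN, or CN as fallback).
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" 2>&1 |
            grep -q 'does match'; then
        echo "FAIL: certificate is not valid for $domain"; rc=1
    fi

    # The certificate must not already be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate is expired or unreadable"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are usable for $domain"
    return "$rc"
}

# Constructed sample input: a throwaway self-signed pair written to directory $1.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=ops.example.test" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null
}

# Usage: sh check_pair.sh CERT KEY DOMAIN
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```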
1. Log in to FineOps as the admin and choose Platform Management > O&M Component.
2. Find the Nginx component and click Modify Configuration.
3. Upload the prepared certificate and the private key file in SSL Configuration, and fill in the domain name and port number. Click OK.
1. View the prompt "Enabling SSL will restart the FineOps Nginx component, during which FineOps will be inaccessible for a few minutes. After the restart, the HTTPS address is URL (the URL after the corresponding domain name). Continue?"
2. Click Continue and Restart. FineOps will automatically perform the following checks and configuration, which may take some time.
Check whether the entered port number is available. The configuration will fail if it is unavailable.
Upload the certificate and the private key file to /nginx/conf/ssl.
Use the original command to create an Nginx component, enable the port 443, and add the SSL-related configuration to environment variables.
Restart Nginx. The HTTPS access is enabled after the restart.
After a successful restart, you can access the project using the address in the prompt.
Type https://Domain name:Port number/ops/decision in the address bar of a browser and check if you can access the project. If a secure connection symbol appears, the SSL configuration is successful.
Enter the actual domain name.
The port number is the one used for SSL configuration and can be omitted if it is 443.
If the certificate expires and you need to renew it, do not follow the procedures in the "Initial SSL Certificate Configuration" section. Refer to the following instructions instead.
1. Replace the certificate manually.
Upload the certificate and the private key file to /nginx/conf/ssl in the mounting directory of the FineOps Nginx component.
Ensure the new certificate and the private key file have the same names as the old ones to achieve complete overwriting.
2. Restart the Nginx component.
Log in to FineOps as the admin.
Choose Platform Management > O&M Component, find the Nginx component, and click Restart.
The new certificate will take effect after a successful restart.
Issue Description: When you upload the certificate, an error message is displayed: "/usr/local/ssl.crt (Permission denied)."
Cause Analysis: In older versions of FineOps, during certificate file upload, the system attempted to temporarily store the file in /usr/local of the container, which could cause the upload operation to fail due to insufficient directory permission.
Solution: Upgrade FineOps to V2.9.0 or later versions, and then retry the certificate upload. Starting from V2.9.0, the temporary storage path for certificate files has been changed to /usr/tmp. This directory has a lower permission requirement.