Generally the web UI is an easy and convenient way to generate a CSR and upload the resulting certificate for use by Lighthouse's web UI and API services. This can be found in the user manual under "Examine or modify the Lighthouse SSL certificate"
If you wish to upload an alternative self-signed certificate, or otherwise reinstall a previously issued certificate, follow the steps below.
Note: Take care when handling unencrypted private key data. To maintain system security, your key must be stored securely (e.g. password protected, encrypted) and transmitted securely (e.g. over SSH or HTTPS).
- Login to the Lighthouse CLI as root, or login as a Lighthouse Administrator user and become root with:
- Run this command:
- Paste your public certificate in unencrypted PEM format, hit enter, then Ctrl-D
- If you have a certificate chain, paste them in this order. Make sure no spaces between certificate.
hit enter, then Ctrl-D
- Run this command:
- Paste your private key in unencrypted PEM format, hit enter, then Ctrl-D
- Apply them by running this command:
echo -e "set services.https.certificate =$cert\nset services.https.private_key =$key\npush" | ogconfig-cli
- If successful, you will see a message similar to:
root-1-services_https_certificate: Blob (7559 bytes) root-1-services_https_private_key: Blob (1704 bytes) OK
- Refresh the Lighthouse web UI and check the certificate
Optional: You can view the currently installed certificate and private key with:
ogconfig-cli -c 'export services.https.certificate' | cut -f2- -d= | base64 -d ogconfig-cli -c 'export services.https.private_key' | cut -f2- -d= | base64 -d ogconfig-cli -c 'export services.https.certificate' | cut -f2- -d= | base64 -d | openssl x509 -text -noout
How to generate self signed certificate?
If the certificate "Commit failed" and Web UI is inaccessible. Please run the commands below to generate self signed certificate.
If the above command did not restart web UI, then run command below.