understending ssl guide setup
481 views
Skip to first unread message
Mark Lin
Dec 14, 2015, 3:57:04 AM12/14/15
to BigBlueButton-Setup
Hello,
trying to setup self sign sertificate with openssl to bbb.
folowed this guide - https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04
to get the files:
ngink.key
nginx.crt
i added new file according - /etc/nginx/ssl/bigbluebutton.example.com.key
-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDAVfXBauUValvi 5JW8Fw0XUdnfuCkZATUVoztJQhkI4jB2jRdFSlMRNbh6fY/faj0D3yQ7ag1UWqwS FeHhDPRyyWAOPFQ9iiorgH6UiQXcodsgHgo0zrctxSUnnH+gwwMvgHjIWD+eH7pUdGY 52rO4H30eNncBAlR3rWyV3JBgZJoUYd9XQPJ5Pmqft8dGya07KQQ6W+TAoGACAWE 4bOHFrObVEOq8M8+A6Qb89GMYGbVhSY/91wkQ19vo1ow9ZEbIhdUmL6Es7Y3DwZb L9NK1XlE3F5XL6ufpciBRiDb8aTLA+h/545+eQzfMHJ2TThIo+MThUTmeSrXp6Jh y1M85Fbu8hCJ0Z1qwr592lRAV6P6FnLvOUG+e8kCgYEA1DjsDNAeBXVUIyrTIHEe 90XgMgkkgqeUZIGrD4XM6WNlzmJ/VBwScM9ljAPMHjIRsH5GwXAgMBAAECggEAX+ G6bNy8LSvjeL3Zg3W+WfS895FYM5Xtf8brBD9GOa6A2GjHxAwkUv0D5VR5B7hviG gY00l1rLnnIkH1rnpXDK2AaXPn5hbdYBEnN+N3QTuYzBvE0EDnn7hTiZRrTMqvCu zpmaDQPzxAvligQUojkI0suyIElrrdHvaz1VE3rusz+KT71mrUkQDGJVoRh/q9dZ CmhmHwPhzVgwmefunZZfrZ3QFWnK1jkIZIh52dpV0J2gM+AyRq7RPsUfr6Dr0q4U oBS20J2Z26WCTCTFZO8fFQE2UXWZzHRy6IB6e5ebX0NUA7jSwJaDsqvwd3pjLgax /AJPpPFaJ0hW72IfV9SNe3SM7vPUQ0oc7x+T7z802iJUbzfbvom8+clUoJ+5XmOz y9fo+IXDx0mRo7EtoPnbUceWEBbYmzu7fZ/YPUXxs+p6Lyo8i/MKzP8QPPk/SY4N EufKDwlwP3YccHUb1mzhUfnXqbNgjYN9KPIQ0eFrEQTx8ImpqhV7yVVQSlJFo0O5 EvY2yvtY/V5gZJ7rMFnGxKS1eNeWDWmqoXBxmMBrWQKBgQDudWttprTC/hspTxjn qt6Gj9ShBXa/Nme4h6AZFVceZMkXoKF/id+tOTwBcOJxLmq8vhzgu5trbMIqH9/g FpKFTZU2gw5Qbno3BXgPHoN5Tzc7enPM3FrBfrRhy6uV1hoPnSXJBGqZMY6I4i9O Ffr//u7A/21ybMm9w5xF5Mh8awKBgQDOe/fgq2qbHisFuyTZaECkT5g5qlni9lbf mY0h/yhfSoIw2Z8Lq5vFhs5V+1GrbeDAy7w/ZQSzyyT3Rbyh93w4UsIf/P2jKn+R WKqJyx0dF/R4BYFGcZt3oDeJy7ArkeFHmGBMHpbIRx4QcDOys2szzv3e1DpO3Ps3 Z7wMKc16BQKBgBRHDeScKYDvZNXlcQO6RwQAVR+APHHUKYvKlLWtV+Qww9zrfvA+ yfy9ee4OKEFde55ZU1CjJIrtCaLvgEhPWnm5WithzmE/mxopEkSsaZOTmLdME3da Kmb2Tl3Y5afWYSnH0G9GSL2hUEsxM4dAZ43UmTBA6dzU8U4dYyZbwDsMXLD/H0yj aP4Rn2vFvCgEldknpzDM= -----END PRIVATE KEY----- END
Now i don't think i quite understood this section:
"
And the certificate file. Note that nginx needs your server certificate and the list of intermediate certificates together in one file (replace the hostname in the filename with your own):
cat >/etc/nginx/ssl/bigbluebutton.example.com.crt <<'END'
Paste (in order) the contents of the following files:
1. The signed certificate from the CA
2. In order, each intermediate certificate provided by the CA (but do not include the root).
END"Now, i don't think i quite understand this section
what should I do now?Thank you
Calvin Walton
Dec 14, 2015, 2:33:51 PM12/14/15
to bigbluebu...@googlegroups.com
Hi,
On Mon, 2015-12-14 at 00:57 -0800, Mark Lin wrote:
> > -----BEGIN PRIVATE KEY-----
Don't *EVER* share your private key in public! You must now go and
delete this key and create a new one.
> > aP4Rn2vFvCgEldknpzDM= -----END PRIVATE KEY----- END
>
> Now i don't think i quite understood this section:
> "
>
> And the certificate file. Note that nginx needs your server
> certificate and
> the list of intermediate certificates together in one file (replace
> the
> hostname in the filename with your own):
>
> cat >/etc/nginx/ssl/bigbluebutton.example.com.crt <<'END'Paste (in
> order) the contents of the following files:
> 1. The signed certificate from the CA
> 2. In order, each intermediate certificate provided by the CA (but
> do not include the root).
> END
>
If you are using a self-signed certificate, you don't have any
intermediate certificates. In this case, the file should contain only
your generated certificate "nginx.crt"
Note that we don't recommend using a self-signed certificate. You will
run into various problems, because parts of BigBlueButton have to
communicate with each-other, and they will fail because they cannot
validate the certificate.
If you search around the mailing list, there's some posts where people
have workarounds for this issue (mostly involving disabling https for
internal communication)
--
Calvin Walton <calvin...@kepstin.ca>
BigBlueButton Developer
On Mon, 2015-12-14 at 00:57 -0800, Mark Lin wrote:
> > -----BEGIN PRIVATE KEY-----
Don't *EVER* share your private key in public! You must now go and
delete this key and create a new one.
> > aP4Rn2vFvCgEldknpzDM= -----END PRIVATE KEY----- END
>
> Now i don't think i quite understood this section:
> "
>
> And the certificate file. Note that nginx needs your server
> certificate and
> the list of intermediate certificates together in one file (replace
> the
> hostname in the filename with your own):
>
> cat >/etc/nginx/ssl/bigbluebutton.example.com.crt <<'END'Paste (in
> order) the contents of the following files:
> 1. The signed certificate from the CA
> 2. In order, each intermediate certificate provided by the CA (but
> do not include the root).
> END
>
intermediate certificates. In this case, the file should contain only
your generated certificate "nginx.crt"
Note that we don't recommend using a self-signed certificate. You will
run into various problems, because parts of BigBlueButton have to
communicate with each-other, and they will fail because they cannot
validate the certificate.
If you search around the mailing list, there's some posts where people
have workarounds for this issue (mostly involving disabling https for
internal communication)
--
Calvin Walton <calvin...@kepstin.ca>
BigBlueButton Developer
Reply all
Reply to author
Forward
0 new messages