3 Cloud SSL Certificate
If you’re planning on using the secured HTTPS Web/JSON interface, you may need to acquire an official SSL Certificate for SquidNet’s internal web server. By default, SquidNet uses an automatically-generated self-signed SSL Certificate which is sufficient for most localized testing. However, this certificate may not be sufficient as some web management services like Microsoft’s IIS server may require a trusted HTTPS connection.
To configure SquidNet to use your SSL Certificate, follow these steps:
Acquire an SSL Certificate from a well-known Certificate Authority (CA). Follow the CA's instructions for generating a certificate signing request (CSR) for your domain (example: cloud.<render-service>.com).
Make sure the private key and SSL Certificate are both in PEM format, then append them to a single file named https_ssl2.pem.
Copy the PEM-formatted file to the <squidnet-install>/webroot folder, overwriting any existing https_ssl2.pem file.
Restart the SquidNet service to reload the new SSL Certificate.
Here’s an example of what the PEM file should look like:
-----BEGIN RSA PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDmhM8xbNWoCTCj
3xsRkTnmnUMIo6m1nL/Gt9JKDY4r3WhnyWr+jgqKE+62OKGmrzcSlKlEkGGKldJP
.
.
.
9t569IMO/Na0QgB8d64MOCxLI5BcLMeHUddXD6N+0VN8GTBazzDOlXW8W8cphB8K
slGCA9qSOGYtjLtl6WERtw7jovbUbQbE6JgsRh6p9n2je8gtrniCpzdEBUNmRSyT
kaNkeeew6zJELqZqZhZuupxu
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIJRRU1RsfVCG1GMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD
VQQGEwJUUjFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZl
.
.
.
/tVI9BdjndPt2+Nv4OFc3LSLfXF/brh0mfBasTRfa/qTP5/C1lYpUPe2NQFZmReU
tvKAwXxxGtvqcnqbt6gwEQwJeWFzYXJlZHUABAQBAAAA
-----END CERTIFICATE-----
Validate that your private key and certificate match by using this website: https://www.sslshopper.com/certificate-key-matcher.html
Alternatively, you can use the openssl command line tool to verify your CSR, private key and site certificate locally, without pasting the private key into a third-party site:
openssl rsa -noout -modulus -in <private.key> | openssl md5
openssl x509 -noout -modulus -in <certificate.crt> | openssl md5
openssl req -noout -modulus -in <request.csr> | openssl md5
Ensure that all MD5 hashes are identical.
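The same match check run directly against the combined https_ssl2.pem, as an added example that is not part of SquidNet or its documentation: it compares the public key derived from the private key with the one in the certificate (which also works for non-RSA keys, where the modulus commands do not apply) and confirms the certificate has not expired. The function name check_https_pem and its return codes are choices made for this example.

```shell
#!/bin/sh
# Added example: local pre-deployment check for a combined private key +
# certificate PEM file such as https_ssl2.pem. Nothing leaves the machine.
# Return codes (chosen for this example):
#   0 ok, 1 key or certificate block missing/unreadable,
#   2 key does not match certificate, 3 certificate expired.
# Usage: . ./check_pem.sh; check_https_pem /path/to/https_ssl2.pem
check_https_pem() {
    pem=$1

    # The file must carry both a private key block and a certificate block.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || return 1

    # Derive the public key from each half of the file. "-passin pass:"
    # makes a passphrase-protected key fail at once instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1

    # Identical public keys mean the private key belongs to the certificate.
    [ "$key_pub" = "$crt_pub" ] || return 2

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 || return 3
    return 0
}
```

Run it on the file before copying it into the webroot folder; a non-zero return code points at which half of the file needs attention.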
To decode your SSL certificate, use the following website: https://www.sslshopper.com/certificate-decoder.html. Just copy and paste the certificate portion of the PEM file.
To ensure that your PEM file is correct, do a port test to https://cloud.<render-service>.com:17389 or point your web browser to https://cloud.<render-service>.com:17389 and verify that you’re not asked for a security exception.
Last Updated on 2021-12-15