How do I replace the user portal self-signed certificate?
NOTE: This article only applies to versions of Bright prior to 7.0. For Bright 7.0 onward, please refer to the article titled "How can I set up a reverse proxy for the user portal from 7.1 onward?"
For a portal that is accessible via the internet, some administrators may regard it as more secure to ask users to trust the self-signed certificate rather than external certificate authorities. The external certifcate authority security model has some issues inherent in its design, as the DigiNotar compromise (http://www.bbc.co.uk/news/technology-14789763) showed.
Alternatively the administrator can replace the self-signed certificate with one obtained by a standard CA, if that is preferred. This is simply a standard Linux administration task, and can be done as follows:
You will need to edit the ssl.conf file in
and change the following directives:
Replace the key and pem files with the ones you obtained after submitting a signing request to your CA. The files must be stored in a path outside the Apache's root directory.
You will also need to obtain the intermediate certificate from your CA and add the following directive to ssl.conf:
Then restart Apache2:
service httpd restart
If the administrator would like to use port 443 instead of the default 8081, then the reverse-proxy procedure in
can be followed.