By: Philip Dalrymple user 25 Oct 2019 at 10:06 a.m. CDT

3 Responses
I got Gluu up and running with the self-signed cert but can't find instructions on how to install my Let's Encrypt certs. I can certbot renew --force-renew just fine, and the cert looks good on the login if I just change /etc/httpd/conf.d/https_gluu.conf to point to the new certs. But once I log in I get an OOPS page.

Now when I go back to the self-signed cert I get:

Firefox detected a potential security threat and did not continue to gluu-prs9.mdtsoft.com because this website requires a secure connection. gluu-prs9.mdtsoft.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site. gluu-prs9.mdtsoft.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

Which I did not get this morning before trying my Let's Encrypt certs again. Can someone point me at the process to use Let's Encrypt with the chroot CentOS 7 version of Gluu? Thanks

By George Hanson user 29 Oct 2019 at 10:18 a.m. CDT

Here's a good starting point: https://gluu.org/docs/ce/admin-guide/certificate/#updating-apache-certificate

What works for me (using letsencrypt) is just replacing those two files, httpd.key and httpd.crt, in the /opt/gluu-server/etc/certs/ directory (fullchain.pem => httpd.crt, privkey.pem => httpd.key). Once that is done you restart apache2 and you are good to go.

By Aliaksandr Samuseu staff 04 Nov 2019 at 10:42 a.m. CST

Hi, Philip. As George mentioned above, you need to remove the old Apache certificate (the self-signed one) from Java's truststore inside the container, and add your new certificate there instead, under the same alias. You'll have to repeat this procedure manually if at any point certbot updates your letsencrypt certificate. Have you already tried this?
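
The two replies above describe one procedure: overwrite httpd.crt and httpd.key, then swap the truststore entry under the same alias. As an added example that is not part of any post in this thread, here is a sketch of a certbot deploy hook that repeats both steps on every renewal. The truststore path, alias and password are placeholders, assumptions the thread does not supply, and must be set for the real install.

```shell
#!/bin/bash
# Added example (not from the thread): certbot deploy hook for a chroot Gluu install.
set -eu

CHROOT="${CHROOT:-/opt/gluu-server}"        # container root named in the thread
CERT_DIR="${CERT_DIR:-$CHROOT/etc/certs}"   # holds httpd.crt and httpd.key
LINEAGE="${RENEWED_LINEAGE:-}"              # set by certbot when it runs a deploy hook
# Assumptions: site-specific values the thread does not give. Set them before use.
TRUSTSTORE="${TRUSTSTORE:-$CHROOT/PATH/TO/JAVA/cacerts}"  # placeholder path
ALIAS="${ALIAS:-EXISTING_HTTPD_ALIAS}"                    # placeholder: alias of the old cert
KEYTOOL="${KEYTOOL:-keytool}"
export STOREPASS="${STOREPASS:-TRUSTSTORE_PASSWORD}"      # placeholder, read by keytool via :env
DRY_RUN="${DRY_RUN:-0}"                     # 1 = print the commands, change nothing

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Overwrite DST in place so its existing owner and mode (the key's in particular)
# are kept. Refuse to truncate DST when SRC is missing or empty.
install_in_place() {
  if [ "$DRY_RUN" = 1 ]; then printf 'cat %s > %s\n' "$1" "$2"; return 0; fi
  [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
  cat "$1" > "$2"
}

deploy() {
  # Step from the first reply: fullchain.pem => httpd.crt, privkey.pem => httpd.key.
  install_in_place "$LINEAGE/fullchain.pem" "$CERT_DIR/httpd.crt"
  install_in_place "$LINEAGE/privkey.pem"   "$CERT_DIR/httpd.key"
  # Step from the second reply: replace the truststore entry under the same alias.
  # -storepass:env keeps the password out of the process argument list.
  run "$KEYTOOL" -delete -alias "$ALIAS" \
      -keystore "$TRUSTSTORE" -storepass:env STOREPASS
  # cert.pem is the leaf certificate only, which is what the trust entry needs.
  run "$KEYTOOL" -importcert -noprompt -alias "$ALIAS" -file "$LINEAGE/cert.pem" \
      -keystore "$TRUSTSTORE" -storepass:env STOREPASS
}

# certbot exports RENEWED_LINEAGE to deploy hooks; do nothing when run by hand.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  deploy
fi
```

Run it first with DRY_RUN=1 and RENEWED_LINEAGE set to your live directory to review the commands. Apache inside the container still has to be restarted afterwards, as the first reply says; that step is not scripted here.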

By Philip Dalrymple user 04 Nov 2019 at 10:48 a.m. CST

I have been tied up with other things; I hope to get to this and try it sometime this week.