To obtain and install a certificate from a Certificate Authority on FastX:
Generate a private key using this command: (umask 077; openssl genrsa -out`hostname`.key 2048)
(This will create a private key for your certificate. Protect this file, if it is lost or disclosed, your certificate will be useless and you’ll have to use a different certificate.)
Generate a certificate request using this command (and the private key you generated in step 1): openssl req -new-sha256 -key `hostname`.key -out`hostname`.csr
This command will prompt you for the elements of your certificate request (and thus in the resulting certificate). The only important one is the “Common Name”, which must be the hostname of the server. (As it appears in the address bar of the browser) Some certificate authorities may require other fields, or may substitute information in the final certificate.
Send the CSR (Certificate Request) to the certificate authority.
Wait for the certificate authority to process your request. You will usually receive an email with a link to a page to download your certificate.
Put your key, certificate, and intermediate CAs into FastX.
– The private key generated in step 1 should be owned by the user ‘fastx’, and mode 0600 (not publicly readable). Put all files in the FastX “var/certs” directory.
– Then edit the var/config/www.json file and set “key_file”, “cert_file”, and “ca_file” to the private key file (from step 1), your certificate file, and the intermediate authority file (given to you in step 5).
Restart FastX: service fastx restart
Check the log for any errors. If not, connect from a browser in secure mode.