1. Home
  2. Framework
  3. Generate and Install a custom (Windows CA infrastructure) SSL certificate for the Snapt Aria framework web UI

Generate and Install a custom (Windows CA infrastructure) SSL certificate for the Snapt Aria framework web UI

NOTE: this requires access to your Snapt Aria appliance over CLI or SSH in some form.

This guide applies to Snapt Aria official images only.

  1. IMPORTANT: backup your existing lighttpd.pem file.
    sudo cp /etc/lighttpd/lighttpd.pem /etc/lighttpd/lighttpd.pem.bak
  2. Generate a new CSR – be sure to enter request details as prompted – then transfer it to your CA server (e.g. WinSCP, FileZilla SFTP).
    openssl req -new -newkey rsa:2048 -nodes -sha256 -out your-domain.csr -keyout your-domain.key
  3. Sign the certificate with your Certificate Authority of choice and export the certificate in Base-64-encoded x.509 format. Export the CA certificate in the same format.
  4. Transfer the exported server and CA certificates to the Snapt Aria appliance.
  5. Concatenate the server private key, server certificate and CA certificate into a single x.509 PEM file.
    cat your-domain.key your-domain.cer your-ca.cer > your-fullchain.pem
  6. Copy the new x.509 PEM over the existing lighttpd.pem.
    sudo cp your-fullchain.pem /etc/lighttpd/lighttpd.pem
  7. Restart lighttpd.
    sudo systemctl restart lighttpd.service
  8. And you’re done! Your custom certificate will now be served by the Snapt Aria framework web UI on the configured SSL port (8081 by default).
  9. IMPORTANT: in the event of certificate issues or errors, restore the original lighttpd.pem.
    sudo cp /etc/lighttpd/lighttpd.pem.bak /etc/lighttpd/lighttpd.pem
Updated on April 7, 2021


Was this article helpful?

Related Articles