Generate and Install a custom (Windows CA infrastructure) SSL certificate for the Snapt Aria framework web UI
  • 25 Aug 2021
  • 1 Minute to read
  • Dark
    Light

Generate and Install a custom (Windows CA infrastructure) SSL certificate for the Snapt Aria framework web UI

  • Dark
    Light

NOTE: this requires access to your Snapt Aria instances over CLI or SSH in some form.
This guide applies to Snapt Aria Official Images only

Step 1: Backup your existing lighttpd.pem file

sudo cp /etc/lighttpd/lighttpd.pem /etc/lighttpd/lighttpd.pem.bak

Step 2: Generate a new CSR - be sure to enter request details as prompted - then transfer it to your CA server (e.g. WinSCP, FileZille SFTP)

openssl req -new -newkey rsa:2048 -nodes -sha256 -out your-domain.csr -keyout your-domain.key

Step 3: Sign the certificate

Sign the certificate with your Certificate Authority of choice and export the certificate in Base-64-encoded x.509 format. Export the CA certificate in the same format.

Step 4: Transfer

Transfer the exported server and CA certificates to the Snapt Aria appliance.

Step 5: Consolidate

Concatenate the server private key, server certificate and CA certificate into a single x.509 PEM file.

cat your-domain.key your-domain.cer your-ca.cer > your-fullchain.pem

Step 6: Replace

Copy the new x.509 PEM over the existing lighttpd.pem

sudo cp your-fullchain.pem /etc/lighttpd/lighttpd.pem

Step 7: Restart

sudo systemctl restart lighttpd.service

And you're done! Your custom certificate will now be served by the Snapt Aria GUI on the configured SSL port (8081 by default)
Important: In the event of certificate issues or errors, restore the orginal lighttpd.pem

sudo cp /etc/lighttpd/lighttpd.pem.bak /etc/lighttpd/lighttpd.pem