Skip to main content
Version: 11.0

Applying SSL Certificate for Resolve Insights

Configuring SSL Certificate

SSL (Secure Sockets Layer) is a cryptographic protocol designed to keep communication safe over the Internet. An SSL Certificate is a digitally signed file issued for a particular domain name/domain name. Besides the domain name, the certificate also contains the issuer signature, serial number, expiration date, etc. To enable a secure connection and protect important information, an SSL certificate file should be installed on the Resolve Insights server. 

caution

The client needs to follow their own process to generate certificate requests, keys and certificates for the Insights server. If the client does not have an internal process to generate a certificate requests, the client should follow the below instructions.

To generate a certificate requests, the below details are required. This information needs to be collected from the client before generating a certificate request.

  • Country Name (2 letter code) [XX]

    For example, for USA use code US, for India use code IN.

  • State or Province Name (full name)

  • Locality Name (for example, city) [Default City]

  • Organization Name (for example, company) [Default Company Ltd]

  • Organizational Unit Name (for example, section)

  • Common Name (for example, your name or your server's hostname)

  • Email Address.

  • A challenge password.

  • An optional company name.

Checking the OpenSSL Version Installed on NCE Master

openssl version -a

This command will display the version of openssl currently installed on the NCE master server.

On above screenshot highlighted is openssl current version.

Generating Private Key

To generate a Private key, you need to decide on a key algorithm, key size, and passphrase (optional).
Use the following command to generate your private key using the RSA algorithm:

Command syntax:

openssl <algorithm> -out <keyfilename> <key size>

Command: 

openssl genrsa -out training.key 2048

Generating CSR or Certificate requests.

We have used training as a sample name to explain the procedure.

To generate the .csr file use the following command.

Command Syntax: 

openssl req <options> <key filename> -out <CSRname.csr>

Command:

openssl req -new -key training.key-out training.csr

A .csr file will be generated after using the above command. The training.key file will be used to generate a certificate request.

While generating CSR, openssl will prompt for several details. Below are the screenshots. The client should provide information before generating CSR.

  • Country Name (2 letter code) [XX]

    For example, for USA use code the US, for India use code IN.

  • State or Province Name (full name)

  • Locality Name (for example, city) [Default City]

  • Organization Name (for example, company) [Default Company Ltd]

  • Organizational Unit Name (for example, section)

  • Common Name (for example, your name or your server's hostname)

  • Email Address

  • A challenge password

  • An optional company name

Configuring Certificate on Insights NCE Server(s)

Once ".pem" and ".key" are received from the client, follow the below instructions to apply the certificate on Nginx. 

Copying the Certificate File to NCE Server(s)

We have used training as a sample name to explain the procedure.

Make sure "training. pem" and training.key file to be stored at /etc/nginx on Resolve Insights NCE master server.

Making Changes in meridian.conf

Edit meridian.conf file located at /etc/nginx/conf.d/meridian.conf on NCE master server. Changes need to be done in two places.

  • listen 443 ssl

  • listen 5601 ssl

note

For "ssl_certificate" and "ssl_certificate_key" make sure you put full path as shown in screenshots above.

Restarting the Nginx Service

service nginx stop
service nginx start

Validation

Validate the certificate with correct URL for which certificate is applied. View the certificate for that certificate. By clicking on the lock icon in web browser and click Certificate to see the certificate on the URL.

Troubleshooting

If Ngnix service is not starting properly or throwing any exceptions please check following log files for errors.

Nginx logs are stored in directory /var/log/nginx. Ngnix creates 2 log files:

  • access.log
  • error.log

These files are archived in dated format as shown below.

Access.log-yyyyMMdd Error.log-yyyyMMdd

Problem: Browser shows "Not Secure" for Insights URL

Problem statement "Site not secure"

Troubleshooting steps

Check certificate

Click the red icon and then click Certificate.

Check "meridian.conf". If all configuration is done properly.

  • listen 443 ssl

listen 5601 ssl

note

For "ssl_certificate" and "ssl_certificate_key" make sure you put full path as shown in screenshots above.