** If you are provided a cert from IriusRisk, please refer to this document for How To Renew Your SSL Cert
Convert Files To .pem
When you purchase your two files ( <cert>.crt and <key>.key ) you will want to add these to the same directory that your `docker-compose.yml` file is located.
This can be done via ssh, rsync, ftp, or however you feel comfortable uploading the files.
These two files will need to be converted into .pem files. (Following the steps here)
Run the following to convert your .crt file to .pem:
openssl x509 -in <cert>.crt -out cert.pem
*Replacing <cert>.crt with the name of your current cert file*
Be sure to keep the name generic in the output, it is recommended to keep it as "cert.pem" as this will be simpler for the docker-compose.yml file settings.
For your <key>.key file, you may already have this in a "pem" format and will just need to rename the file.
"cat" the file to check what it begins with:
cat <key>.key
If the file begins with "-----BEGIN RSA PRIVATE KEY-----" then run:
cp <key>.key key.pem
*Replacing <key>.key with the name of your current cert file*
But if your file starts with "-----BEGIN PRIVATE KEY-----"
Then you need to run the following:
openssl rsa -in /path/to/directory/<key>.key -text > key.pem
*Replacing <key>.key with the name of your current cert file*
You can store your original files anywhere you like, for example, creating a "customcerts" directory and moving them there.
The two .pem files will need to remain in the same directory as your `docker-compose.yml` file.
Docker-Compose.yml Edit
Use whichever text editor you prefer, such as `vim`, and open your docker-compose.yml file to edit.
Verify that these two lines match the names of the cert/key files you have named
(If you followed the steps above, they should be named cert.pem and key.pem)
- "./cert.pem:/etc/nginx/ssl/star_iriusrisk_com.crt:ro"
- "./key.pem:/etc/nginx/ssl/star_iriusrisk_com.key:ro"
If these match, then no change is needed.
If you chose to name them something different, edit only the beginning of these two lines to match:
- "./<your cert file>.pem:/etc/nginx/ssl/star_iriusrisk_com.crt:ro"
- "./<your key file>.pem:/etc/nginx/ssl/star_iriusrisk_com.key:ro"
It is important to note, that even though the directory being uploaded to docker will show "star_iriusrisk_com.crt" and "star_iriusrisk_com.key" that you do not change this.
These are hard coded in our configuration files and will need to remain this way so that the docker container will mount the cert files correctly.
Restart Docker
Once this is completed, be sure to restart your docker container by running:
docker-compose down && docker-compose up -d
and you are all set!
Comments
0 comments
Article is closed for comments.