Previous page Generating and applying the HTTPs certificate in Windows OS  AxxonData Configuration Next page

In AxxonData, you can apply a custom certificate and a custom domain name.

To generate and apply a custom certificate and a custom domain name, do the following:

  1. Contact the AxxonSoft technical support to get the gen-srt.ch generation script and the v3.ext file.

  2. Place the v3.ext file and the gen-srt.ch generation script in the same directory.

  3. Open the gen-srt.ch generation script in a text editor.

  4. In line 4 in the DOMAIN parameter, change the default domain name to a custom domain name. For example, DOMAIN=customdomain.test.

  5. Save the changes.
  6. Start the generation of the gen-srt.ch script using the command:
    sudo ./gen-crt.sh
    As a result, you get two files: rootCA.pem and <Domain name>.pem.
  7. Install Docker and AxxonData (see AxxonData in Linux OS).
  8. Create the ssl folder in the AxxonData directory.
  9. Rename the <Domain name>.pem file to vmscloud.local.pem and move it to the ssl folder.
  10. Open the local.ac.docker-stack.yml file in a text editor.
  11. In the nginx→volumes section, add a line:
    ./ssl:/etc/nginx/ssl
    nginx:
    image: ac/nginx-local
    networks:
      - backend
      - frontend
    ports:
      - "8082:8081"
      - "443:443"
    volumes:
      - $ITVCLOUD_UI_DIR:/etc/nginx/html/
      - ./ssl:/etc/nginx/ssl
    deploy:
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure


  12. Start AxxonData.
    sudo  ./run.sh
  13. Check the availability of AxxonData and its services:
    sudo docker service ls
    In the REPLICAS column, all values must be 1/1.
  14. Install the root certificate. The certificate must be in PEM format with a .crt extension.
    sudo mkdir /usr/share/ca-certificates/extra
sudo cp rootCA.pem /usr/share/ca-certificates/extra/rootCA.crt
sudo dpkg-reconfigure ca-certificates
    For Firefox, you must add the rootCA certificate to the Certification Authority yourself.
  15. Add a custom domain to the /etc/hosts file:
    127.0.0.1 <Domain name>
  16. Check if the certificate is installed in the system using the command:
    curl -I https://<Domain name>
    Example of a response:
    HTTP/2 200
server: nginx/1.20.0
date: Wed, 10 May 2023 08:45:23 GMT
content-type: text/html
content-length: 301
last-modified: Fri, 14 Apr 2023 04:16:58 GMT
etag: "6438d3ba-12d"
cache-control: no-cache
accept-ranges: bytes
    If the first line in the response is a HTTP/2 200 status, the certificate is installed in the system and all system utilities will use it.
  17. Create a file with a .sh extension (for example, install_cert.sh).
  18. Add the created file with a .sh extension to the folder with the rootCA.pem file:
    #!/bin/bash
certfile="rootCA.pem"
certname="My Root CA1"
for certDB in $(find ~/ -name "cert8.db")
do
certdir=$(dirname ${certDB});
certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d dbm:${certdir}
done
for certDB in $(find ~/ -name "cert9.db")
do
certdir=$(dirname ${certDB});
certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d sql:${certdir}
done
  19. Give execution rights to the file:
    sudo chmod u+x install_cert.sh
  20. Run the file:
    sudo ./install_cert.sh

  21. Open a browser and check the secure connection by typing https://<Domain name> in the search bar. As a result, the AxxonData login window opens in a browser using a custom domain name.

Generation of a custom certificate and a custom domain name is complete.

  • No labels