Admin Installing SSL Certificates

Marc Modat edited this page Nov 20, 2020 · 1 revision


The Uploader uses nginx. The configuration file for the nginx Docker container is ./nginx/xnat.conf. During the build process, this file is generated from the templates (xnat_nonssl.conf, xnat_ssl.conf and xnat_nonssl_proxy.conf), with the certificate names taken from the xnat.cfg file. You may edit these templates before building DASHER if you wish.

For SSL, the nginx configuration is based on:

https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.4

This configuration requires three certificate files, which appear in the xnat.conf file as follows:

ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;

# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

These are filenames only; do not include the path. All files must be placed in the [Install path]/upldoader/certs folder. You may have to concatenate some files to generate the required files. For example, on Linux:

cat signed.crt intermediate.crt > ssl_certificate.crt
cat root.crt intermediate.crt > trust.crt

In addition, a dhparam file (ssl_pem_file in xnat.cfg) can be used. If you have not yet built DASHER and wish to generate a dhparam file on the server, run the following on Linux:

openssl dhparam -out [install path]/certs/dhparam-2048.pem 2048

This will create a dhparam file. Enter the filename in xnat.cfg.

If you have already installed DASHER and wish to update the certificates, simply replace the certificates in [storage_path]/certificates, provided the new files have the same names.
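
The following script is an added example, not part of DASHER. It checks the concatenated files described above before a build or a certificate replacement: the private key must match the first certificate in the ssl_certificate file, and that certificate must verify against the trust file. The script name check_certs.sh and the key filename private.key are assumptions.

```shell
#!/bin/sh
# Added example, not DASHER code. Checks the files destined for the certs folder.
# Usage: sh check_certs.sh ssl_certificate.crt private.key trust.crt [dhparam.pem]
# (check_certs.sh and private.key are assumed names.)

fail() { echo "FAIL: $*" >&2; }

check_certs() {
  cert=$1; key=$2; trust=$3; dh=${4:-}

  # The first certificate in the ssl_certificate file is the one nginx pairs
  # with ssl_certificate_key, so the signed certificate must come first.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { fail "$cert: no readable certificate"; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { fail "$key: no readable private key"; return 1; }
  [ "$cert_pub" = "$key_pub" ] ||
    { fail "$key does not match the first certificate in $cert"; return 1; }

  # The ssl_trusted_certificate file (root + intermediates) must contain the
  # whole chain above the signed certificate. This also fails on expiry.
  openssl verify -no-CApath -CAfile "$trust" "$cert" >/dev/null 2>&1 ||
    { fail "$cert does not verify against $trust"; return 1; }

  # Warn only: a certificate close to expiry still loads.
  openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 ||
    echo "WARN: $cert expires within 30 days" >&2

  # Optional DH parameter file.
  if [ -n "$dh" ]; then
    openssl dhparam -in "$dh" -check -noout >/dev/null 2>&1 ||
      { fail "$dh: invalid DH parameters"; return 1; }
  fi
  echo "OK: $cert, $key and $trust are consistent"
}

if [ "$#" -ge 3 ]; then check_certs "$@"; fi
```

A reversed concatenation (intermediate before the signed certificate) is reported as a key mismatch, because the first certificate in the file is then not the one the key belongs to.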
