Admin Installing SSL Certificates - KCL-BMEIS/DASHER GitHub Wiki


The Uploader uses nginx. The nginx Docker container configuration file is ./nginx/xnat.conf. During the build process, this file is generated from the templates (xnat_nonssl.conf, xnat_ssl.conf and xnat_nonssl_proxy.conf), with the certificate names taken from the xnat.cfg file. You may edit these templates before building DASHER if you wish.

For SSL, the Nginx configuration is based on

This configuration requires three certificate files, referenced in the xnat.conf file:

ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;

# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

These are filenames; do not include the path. All files must be placed in the [Install path]/upldoader/certs folder. You may have to concatenate some files to generate the required files, for example on Linux:

cat signed.crt intermediate.crt > ssl_certificate.crt
cat root.crt intermediate.crt > trust.crt
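
A pre-deployment check for the concatenated files, added here as an example and not part of DASHER; the script name and the `check_bundle` function are hypothetical. It catches the usual `cat` failure (an input file without a final newline), a private key pasted into the public bundle, and, when openssl is installed and the optional arguments are given, a key that does not match the first certificate or a chain that does not verify against trust.crt.

```shell
#!/bin/sh
# Added example (not DASHER code): check a bundle built with `cat` as above.
# Usage: sh check_bundle.sh ssl_certificate.crt [private_key [trust.crt]]

fail() { echo "FAIL: $*" >&2; }

check_bundle() {
    bundle=$1; key=${2:-}; trust=${3:-}
    [ -r "$bundle" ] || { fail "cannot read $bundle"; return 1; }

    # An input file without a trailing newline makes `cat` fuse two PEM
    # boundaries onto one line, which nginx cannot parse.
    if grep -q -- '-----END CERTIFICATE-----.*-----BEGIN' "$bundle"; then
        fail "fused PEM boundary: an input file lacked a final newline"; return 1
    fi
    # The bundle is sent to every client, so it must never hold the key.
    if grep -q -- 'PRIVATE KEY-----' "$bundle"; then
        fail "private key found inside $bundle"; return 1
    fi
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$bundle" || true)
    if [ "$begins" -ne "$ends" ]; then
        fail "truncated bundle: $begins BEGIN vs $ends END lines"; return 1
    fi
    # The page's layout is signed cert + intermediate(s): at least two blocks.
    if [ "$begins" -lt 2 ]; then
        fail "expected signed cert plus intermediates, found $begins block(s)"; return 1
    fi

    # Cryptographic checks need openssl and the optional extra arguments.
    if [ -n "$key" ] && command -v openssl >/dev/null 2>&1; then
        # openssl x509 reads the first block, which must be the server cert.
        cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey) || return 1
        key_pub=$(openssl pkey -in "$key" -pubout) || return 1
        [ "$cert_pub" = "$key_pub" ] || { fail "key does not match first certificate"; return 1; }
    fi
    if [ -n "$trust" ] && command -v openssl >/dev/null 2>&1; then
        openssl verify -CAfile "$trust" "$bundle" >/dev/null || { fail "chain does not verify against $trust"; return 1; }
    fi
    echo "OK: $bundle ($begins certificates)"
}

if [ "$#" -gt 0 ]; then check_bundle "$@"; fi
```
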

In addition, a dhparam file (ssl_pem_file in xnat.cfg) can be used. If you have not yet built DASHER and wish to generate a dhparam file on the server, on Linux:

openssl dhparam -out [install path]/certs/dhparam-2048.pem 2048

This will create a dhparam file. Enter the filename in xnat.cfg.

If you have already installed DASHER and wish to update the certificates, and the new files have the same names, simply replace the certificates in [storage_path]/certificates.