TLS Certificates - aichemy-hub/docs GitHub Wiki

TLS Certificates

HTTPS access has been set up using a process adapted from the RSE steps outlined below. Note that the same process can be followed for renewing the certificates each year.

Procure a TLS certificate to enable HTTPS connections to your app.

  • We suggest running the following commands in a directory such as tls/something_rcs_ic_ac_uk/request.
  • Run `openssl req -nodes -out CSR.csr -new -newkey rsa:2048 -keyout privatekey.key` and, when prompted, enter:
    • Country Name - GB
    • State or Province - London
    • Locality - LONDON
    • Organisation name - Imperial College of Science, Technology and Medicine
    • Organisational unit name - ICT
    • Common name - something.rcs.ic.ac.uk
    • Email - blank
    • Password - blank
    • Company name - blank
  • Submit a security certificate request via ASK and a certificate will be generated for you. (Note: the same form can be used when it comes to renewing the certificate.)
  • You'll get an email with a number of download options; choose "Certificate with (w/ issuer after)" and save it into the folder tls/something_rcs_ic_ac_uk/response.
  • Make sure your certificate and private key are being mounted correctly within the Docker Compose file.
  • If HTTPS still isn't working, check `docker-compose logs proxy` for some hints. Running `openssl s_client -connect something.rcs.ic.ac.uk:443` or just `curl -v https://something.rcs.ic.ac.uk/` from another computer can be helpful for debugging as well.
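
A mismatched key and certificate, or an expired certificate, is a common reason the proxy fails to serve HTTPS after a renewal. The script below is an added example, not part of the original RSE steps or this project's repository. It checks the downloaded certificate against `privatekey.key` before the pair is mounted; the script name and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: checks to run on a key/certificate pair before mounting it.
# Usage (paths are placeholders): ./check_tls.sh privatekey.key certificate.pem

# SHA-256 of the public key derived from a private key file.
key_pub_hash() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key in the first certificate of a PEM file.
# With the issuer certificates after, the first one is the server certificate.
cert_pub_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# 0 if the certificate was issued for this private key, 1 if not, 2 if unreadable.
cert_matches_key() {
    k=$(key_pub_hash "$1") || return 2
    c=$(cert_pub_hash "$2") || return 2
    [ "$k" = "$c" ]
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if only the owner can read the key (it is unencrypted because of -nodes).
key_is_private() {
    case $(ls -ld "$1" 2>/dev/null) in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; exit 1; }
    cert_valid_for_days "$2" 30 || echo "warning: certificate expires within 30 days" >&2
    key_is_private "$1" || echo "warning: key is readable by group/others; chmod 600 it" >&2
    echo "key and certificate match"
fi
```

Because the key is generated with `-nodes` it is stored unencrypted, so the file permission check matters on any host where the tls/ directory is shared.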