Change SSL Cert in Dynfi

This is the place to discuss DynFi Manager installation and deployment.
Not to be confused with DynFi Firewall installation.

Moderator: gregober

MattCorr
Posts: 1
Joined: 08 Nov 2023, 12:32

Post by MattCorr » 08 Nov 2023, 12:41

Hi

I've inherited a DynFi Manager installation on Ubuntu Server 22.04.3 LTS.
We need to change the SSL certificate for the https URL access on port 9090 from one public domain to another.
I have the pfx file for the new certificate (DigiCert RapidSSL Global TLS RSA4096 SHA256 2022 CA1, created with the help of OpenSSL) but can't figure out where or how to install it.

Could someone point me in the right direction on how this is done?

Best regards
Mattias
gregober
Posts: 270
Joined: 26 Mar 2019, 15:06

Re: Change SSL Cert in Dynfi

Post by gregober » 08 Nov 2023, 12:57

> I've inherited a DynFi Manager installation on Ubuntu Server 22.04.3 LTS.
> We need to change the SSL certificate for the https URL access on port 9090 from one public domain to another.
> I have the pfx file for the new certificate (DigiCert RapidSSL Global TLS RSA4096 SHA256 2022 CA1, created with the help of OpenSSL) but can't figure out where or how to install it.
>
> Could someone point me in the right direction on how this is done?

You seem to be using an OnPremise installation.

So the advised way to handle requests is using Nginx as a proxy between your DynFi Manager instance and your users.
So Nginx will catch the requests coming from your network and redirect them to port 9090 for DFM to answer.

You can simply use Nginx to redirect all incoming http & https requests to DynFi Manager.

You need to install the Nginx server first (apt install nginx).
You can then copy / paste the configuration below (please change the server name and IPs).

Be sure to use your own cert or "Let's Encrypt" certs if you use SSL, or eventually a self-signed cert.

This configuration will allow you to redirect all your requests to the DynFi Manager (to be deployed in /etc/nginx/sites-available/dynfi and create a symbolic link in /etc/nginx/sites-enabled/dynfi).

Code:

# Redirect plain HTTP to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name my-server.myname.com;
    return 301 https://$server_name$request_uri;
}

# Terminate TLS and proxy to DynFi Manager on port 9090.
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name my-server.myname.com;

    # Rewrite the backend URL in config.js to the public HTTPS host.
    location /config.js {
        proxy_pass http://192.168.1.3:9090;
        sub_filter 'http://192.168.1.3:9090' 'https://$host';
        sub_filter_types "*";
    }

    location / {
        proxy_pass http://192.168.1.3:9090;
    }

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Certificate bundle and its private key.
    ssl_certificate /etc/ssl/dynfi/bundle.crt;
    ssl_certificate_key /etc/ssl/dynfi/myname.com.key;
}

Hope this helps.
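
The question starts from a .pfx file, while the configuration above reads a PEM bundle and a separate key file. As an added example (not part of the original posts and not DynFi's own tooling), one way to split the PFX with OpenSSL and confirm that the key matches the certificate before reloading Nginx; the function names, the `PFX_PASS` variable and `new-cert.pfx` are assumptions of this example.

```shell
#!/bin/sh
# Added example: split a .pfx into the PEM bundle and key that nginx reads.
# The PFX password is taken from the PFX_PASS environment variable (an
# assumption of this example) so it is not passed as a command-line argument.

# pfx_to_pem <file.pfx> <bundle.crt> <private.key>
pfx_to_pem() {
    pfx=$1; bundle=$2; key=$3
    certs_only='/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'

    # Server certificate first, then the CA certificates stored in the PFX:
    # nginx expects the leaf at the top of the ssl_certificate file.
    {
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys
    } | sed -n "$certs_only" > "$bundle"
    [ -s "$bundle" ] || return 1    # wrong password or no certificate

    # Unencrypted private key, created readable by its owner only.
    rm -f "$key"
    (
        umask 077
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes |
            openssl pkey -out "$key"
    ) || return 1
}

# cert_matches_key <bundle.crt> <private.key>
# Succeeds only if the first certificate in the bundle carries the public
# key that belongs to the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Typical use as root, with PFX_PASS exported and the paths from the
# configuration above (new-cert.pfx is a placeholder name):
#   pfx_to_pem new-cert.pfx /etc/ssl/dynfi/bundle.crt /etc/ssl/dynfi/myname.com.key
#   cert_matches_key /etc/ssl/dynfi/bundle.crt /etc/ssl/dynfi/myname.com.key \
#       && nginx -t && systemctl reload nginx
```

Running `nginx -t` only after the key check passes means a mismatched pair is caught before the reload.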