To configure SSL on your wakari-gateway, follow these steps:
1. In /opt/wakari/wakari-compute/etc/wakari/config.json, change http to https.
2. In /opt/wakari/wakari-gateway/etc/wakari/wk-gateway-config.json, add:
    {
        EXISTING_CONFIGURATION,
        "https": {
            "key": "/opt/wakari/wakari-gateway/etc/gateway.key",
            "cert": "/opt/wakari/wakari-gateway/etc/gateway.crt"
        }
    }
3. If you have a server cert that was signed by a private root CA or signed by an intermediate authority, add:
    {
        EXISTING_CONFIGURATION,
        "https": {
            "key": "/opt/wakari/wakari-gateway/etc/gateway.key",
            "cert": "/opt/wakari/wakari-gateway/etc/gateway.crt",
            "ca": ["/opt/wakari/wakari-gateway/etc/server.crt"]
        }
    }
NOTE: The ca key must contain separate values for the paths to the CA root, any intermediates and the certificate for the server.
4. Restart the service:
sudo service wakari-gateway restart
5. In step 3, the "ca" section may need your crt files in an array. If your certificate PEM file has more than one BEGIN CERTIFICATE/END CERTIFICATE section, you will need to split it into separate files.
Here is an example:
-----BEGIN CERTIFICATE-----
(some hash value)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(some hash value)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(some hash value)
-----END CERTIFICATE-----
Break the cert into 3 separate files: cert1.crt, cert2.crt and cert3.crt. Each file must contain one whole section, including its BEGIN and END lines. This can be done in order: the first section is cert1, the middle section is cert2 and the last section is cert3.
cert1.crt example:
-----BEGIN CERTIFICATE-----
(some hash value)
-----END CERTIFICATE-----
cert2.crt example:
-----BEGIN CERTIFICATE-----
(some hash value)
-----END CERTIFICATE-----
cert3.crt example:
-----BEGIN CERTIFICATE-----
(some hash value)
-----END CERTIFICATE-----
Move all three of them to a place such as /opt/wakari/wakari-gateway/etc/wakari. Make sure that the permissions allow the wakari user and wakari group to access them, or change ownership. Now you can add each certificate path to the ca array of the https section in the following config file:
/opt/wakari/wakari-gateway/etc/wakari/wk-gateway-config.json:
    "https": {
        "key": "/opt/wakari/wakari-gateway/etc/gateway.key",
        "cert": "/opt/wakari/wakari-gateway/etc/gateway.crt",
        "ca": ["/opt/wakari/wakari-gateway/etc/cert1.crt", "/opt/wakari/wakari-gateway/etc/cert2.crt", "/opt/wakari/wakari-gateway/etc/cert3.crt"]
    }
Restart the gateway service and check that the status is ok:
sudo service wakari-gateway restart
sudo service wakari-gateway status
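
The split described in step 5 can be scripted instead of done by hand. This is an added example, not part of the original documentation or of wakari-gateway: the function names split_pem_bundle and ca_json_array are hypothetical helpers, and the bundle in the demo is constructed with placeholder bodies.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of wakari-gateway.

# split_pem_bundle BUNDLE OUTDIR
# Writes each BEGIN/END CERTIFICATE section of BUNDLE, in file order, to
# OUTDIR/cert1.crt, OUTDIR/cert2.crt, ... and prints how many were written.
# Text outside the sections is dropped and CRLF line endings are stripped.
# Returns non-zero if the bundle is unreadable or holds no certificate.
split_pem_bundle() {
    bundle=$1
    outdir=$2
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        { sub(/\r$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { n++; out = dir "/cert" n ".crt"; inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----$/ { if (inside) close(out); inside = 0 }
        END { print n + 0; exit (n == 0) }
    ' "$bundle"
}

# ca_json_array DIR COUNT
# Prints the "ca" line for wk-gateway-config.json, listing DIR/cert1.crt
# through DIR/certCOUNT.crt in order.
ca_json_array() {
    dir=$1
    count=$2
    i=1
    list=
    while [ "$i" -le "$count" ]; do
        list="${list:+$list, }\"$dir/cert$i.crt\""
        i=$((i + 1))
    done
    printf '"ca": [%s]\n' "$list"
}

# Demo on a constructed three-section bundle (placeholder bodies, CRLF endings).
demo_dir=$(mktemp -d)
for body in AAAA BBBB CCCC; do
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----'
done > "$demo_dir/bundle.pem"
count=$(split_pem_bundle "$demo_dir/bundle.pem" "$demo_dir/out")
ca_json_array /opt/wakari/wakari-gateway/etc "$count"
rm -rf "$demo_dir"
```

For a real bundle, pass the directory where the gateway will read the files as the second argument, then check ownership and permissions for the wakari user and group as described above.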