Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.
External IP
-
@phildunlap So this means that if I login with SSH and run this command:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changei -validity 365 -keysize 1024than I can give the answer to the question from that help? -
That command will create the keystore file, yes. Had some weird formatting though, so I edited your post. You may want to use a different storepass than "changei" (or omit that argument to have it ask for that, first)
-
Hi @sky_watcher
Just for your information, browsers will not recognise a self signed certificate. your browser will give a warning saying the certificate is not trusted. Not the end of the world if the server is just for yourself. If you want the green lock on the URL you'll need to purchase a certificate from a registered CA.
-
The other option is to use let's encrypt's certbot certificate authority. Install that on mango and validate with the dns option. @phildunlap is there not a way to import a signed cert into the Java SSL script that you are talking about?
Am also happy to show how to reverse proxy with Apache 2 for those who are interested...
Do not follow where the path may lead; go instead where there is no path.
And leave a trail - Muriel Strode -
@phildunlap I executed that command and I made changes to env.properties file. But after reboot I couldn't connect to the web, so I restored back the env.properties file and now is working.
Those errors I got when I couldn't connect to the web:
And this one was in the ma.log file:
-
is there not a way to import a signed cert into the Java SSL script that you are talking about?
There is! Here's my little note scratches about how to do that... Step 0 is submit a CSR and get a certificate bundle back.
1. openssl pkcs12 -export -certfile server.ca-bundle -inkey server.key -in server.crt -name NAME -out keystore.p12 -passout pass:morethan6c 1a. cd to your jdk/bin folder 2. sudo ./keytool -importkeystore -destkeystore /path/to/keystore.jks -srckeystore keystore.p12 -srcstoretype PKCS12 -alias NAME -srcstorepass morethan6c 3. Enter destination keystore password: morethan6c Now you have a keystore.jks file, 4. copy this into your Mango/overrides/properties directory. 5. Edit your Mango/overrides/properties/env.properties file such that... ssl.on=true ssl.port=443 ssl.keystore.location=/path/to/Mango/overrides/properties/keystore.jks ssl.keystore.password=morethan6characters 5a. Add the APLN script into the ext-enabled folder 6. Restart Mango 7. Success! -
Gent and a scholar, thanks!
-
Can you share your web.port and ssl.port from your env.properties? Have you tried clearing your browser cache?
The warning you shared suggests there isn't a
jetty-alpn-agent.jarin the Mango/boot directory perhaps. Enabling ALPN takes advantage of HTTP/2 but you may need to move the enable-alph extension script from your Mango/bin/ext-available to Mango/bin/ext-enabled/ to get the benefits. SSL is required to be enabled, as well. -
@phildunlap web port is 8888 and ssl port is 8443.
Yes, I've cleared the cash.
-
@phildunlap I moved enable-alph extension script to ext-enable folder, and also I made the SSL settings like before but I get the same errors and I couldn't navigate to the web page.
