Knowledge

How to configure SSL certificate in Buddy Enterprise

By default Buddy Enterprise uses a self-signed SSL certificate. Upgrading to Enterprise will allow you to use your own trusted SSL certificate. This article describe how to prepare and apply such certificate.

Purchasing the certificate

When buying a certificate you'll most likely be asked to deliver a CSR (Certificate Signing Request) file. To generate the file, execute this method:

    openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

Once executed, you will be asked to provide your personal/business details. Two files will be generated:

  • domain.csr - Certificate Signing Request
  • domain.key - a private key that will be used to set up the certificate. Make sure to keep it safe and never share it to other users.

Generating Pem File

The purchased certificate consists of two types of files:

  • SSL certificate - a single file, usually named domain.crt or domain.pem
  • Intermediate certificate - one or more files, usually named ca.pem

Now you need to generate a PEM file that you can upload to Buddy. You can do that by pasting the certificates with the key file:

cat domain.crt ca.pem domain.key > full.pem

If you have more than one intermediate the command will look like this:

cat domain.crt ca.pem ca1.pem ca2.pem domain.key > full.pem

Activating the certificate

With the PEM file successfully generated you are now ready to set the SSL certificate. You can do it in two ways: through the workspace GUI or the CLI on the sever.

Setting certificate in Buddy GUI

  1. Log in to your Buddy Enterprise instance as admin.
  2. Go to Preferences.
  3. Switch to the Standalone tab.
  4. Upload the .pem file to to the SSL Certificate field
Setting SSL certificate in Buddy GUI
Setting SSL certificate in Buddy GUI

Setting certificate with Buddy CLI

  1. Log in to the machine where Buddy Enterprise is installed.
  2. Enter configuration settings by entering

    buddy configure
    
  3. Go to Custom domain SSL certificate.
  4. Press u & enter to update the certificate.
  5. Provide the absolute path to the full.pem file.
  6. Restart the application to apply changes.

Verifying certificate

Once the certificate is set, it's a good practice to scan it at sslabs.com.

The page displays the contents of the certificate and informs if you need to download any missing parts. This may happen if your provider did not provide all required certificates or the certificates are invalid. In such case you have to copy the names of the certificates from sslabs and look them up in Google. This way you can easily find the missing intermediate certificates and paste them into a correct full.pem file.

A properly generated certificate should look like this:

Properly generated SSL certificate
Properly generated SSL certificate

Restoring default certificate

In case something goes wrong you can restore the default certificate through Buddy CLI:

  1. Log in to the machine where Buddy Enterprise is installed.
  2. Enter configuration settings by entering

    buddy configure
    
  3. Go to Custom domain SSL certificate.
  4. Press c & enter to clear the certificate
  5. Restart the application to apply changes.

Get started now

14 days of unlimited trial. No credit card required.