Skip to main content

Part2: Install an SSL certificate for the website

To prevent data theft when transmitting data, we recommended you follow the steps to install an SSL certificate for your web service, so that all data will be transformed into encrypted format to transmit securely.

Step 1. Register a domain name

Register a website domain name so that users can enter a memorable domain name (instead of a rigid IP address) in the address bar to quickly start using your web service!

You can choose a paid or free website to apply for a domain name according to your needs. We use No-IP as an example website to register a free domain name:

  1. Sign up for No-IP
  2. After signing in, click My Services on the left menu > DNS Records > Create HostName above
  3. Configure the hostname (domain name):oliversslwebsite.ddns.net
  4. Set IP Address: Enter VIP of the load balancer

  1. Click Add Hostname at the bottom right corner of the page.

  1. Complete the confuguration

  • Use NsLookup to make sure that the host(load balancer) can be queried
    1. Enter Domain Name
    2. Click go
    3. Confirm that the host can be queried, the query information will be displayed below: domain name and IP address of the load balancer

Step 2. Get an SSL certificate

You can choose a paid or free website to get an SSL certificate according to your needs, we use Let's Encrypt as the example to get a free SSL certificate:

  • Enter the following commands to use the domain name in instance lbssl01, and use Let's Encrypt to get an SSL certificate:
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d <Domain_Name>
info
  1. Enter e-mail address below to receive urgent renewal or safety notices
    imageimage
  1. Please select 1 for the following content, there is no need to redirect the HTTP connection to HTTPS and delete the HTTP connection:
    image

Step 3. Convert the certificate to Base64 format

Currently TWSC only supports PKCS #12 and Base64 format of SSL certificates. Please enter the following command to convert the certificate to Base64 format.

For more information, see Convert SSL certificate format.

sudo su
cd /etc/letsencrypt/live/<Domain_Name>/ 
openssl pkcs12 -export -out server.p12 -inkey privkey.pem -in cert.pem -certfile chain.pem
base64 server.p12 | tr -d \\n  > twcc_ssl_base64.txt
cat  twcc_ssl_base64.txt
info

The following content can be skipped by pressing Enter key:

Enter Export Password:
Verifying - Enter Export Password:
  • Please copy all contents of twcc_ssl_base64.txt displayed on the screen

Step 4. Upload SSL to TWSC

  • Click SSL Certificate from the service list to enter SSL Certificate Management page, then click +CREATE

  • Paste the copied content of base64 file in step3

  • Then, go to Load Balancer Details page:
    1. Click EDIT > Select the SSL certificate you just created.
    2. Add instancelbssl02 <private IP>:<port> (80) to this load balancer.