Question: How do I set my certificate and domain name for Management Console?
0
gravatar for Resilio Bot
3.7 years ago by
Resilio Bot100
San Francisco
Resilio Bot100 wrote:

I need my MC to be available publicly with public DNS name. Also, I want to avoid certificate warning showing to users so I need to force MC using my own certificate. How can I do it?

dns mc certificate • 1.1k views
ADD COMMENTlink modified 3.7 years ago by Resilio Connect ♦♦ 750 • written 3.7 years ago by Resilio Bot100
4
gravatar for Resilio Connect
3.7 years ago by
Resilio Connect ♦♦ 750
San Francisco, USA
Resilio Connect ♦♦ 750 wrote:

First, you need to ensure that your MC is available on public IP. If MC itself is hosted inside your LAN, ensure to forward WebUI port (TCP 8443), data port (TCP and UDP 3839), tracker port (TCP and UDP 3000). Here more on ports used by MC. Next, map your domain name to server public IP.

Few things you need to note to ensure there's no certificate warning in your users browsers: - cert's domain name should match with the domain you map - cert must be signed with some trusted authority, which root certificate is pre-installed in browser. another way to feed own cert to MC: name yours as web.key and web.crt and place them to resilio-connect-server\certs directory instead of the default ones.

Second, find MC config file (depends on server OS):

  • Windows: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\resilio-connect-server\resilio-connect-server.conf

  • Linux: ${resilio_connect_server_dir}/var/resilio-connect-server.conf and edit it. You need https section, ssl subsection, cert and key params. Put the paths to your own certificate there. Ensure that the user account running MC have access to your paths. Ensure that the key parameter (which is private key) is not encrypted, otherwise MC won't be able to use it.

Also, to get agents use your own certs when communicating to MC: accordingly edit the config in “peerServer” section - set paths to your cert/key there. Or rename them as peer.key and peer.crt and place your certs instead of the default.

ADD COMMENTlink modified 3.7 years ago • written 3.7 years ago by Resilio Connect ♦♦ 750
Please log in to add an answer.

Content

Properties

Miscellaneous

Powered by Biostar 16.09
Bug report artem@resilio.com
Traffic: 2 users visited in the last hour