Asfour Crystal asked:

ssl wildcard cert. on erp next

Hello,
I've installed erpnext on CentOS 7, and need to apply my wildcard certificate on it. How can I achieve that?
Thanks
noci

Configure the certificate in the webserver frontend you use (nginx, apache, ...) or in the load balancer in front of that (haproxy, ...).
Tip: Best to do this in steps, as your TLS/SSL setup has nothing to do with erpnext.

Suggested steps.

1) Generate your cert, likely using the https://LetsEncrypt.org certbot-auto command.

2) Set up your nightly certbot-auto renew CRON job.

3) Configure Apache to correctly handle HTTP2 + HTTPS + Brotli + KeepAlive + HSTS + OCSP Stapling.

This is where you'll install your cert, based on actual Stack (Webserver + related code) you're running.

4) Work through #3 details till you can serve an empty directory correctly using all #3 tech correctly (verify with external testers).

5) At this point, installing erpnext or any other code will go smoothly.
Asfour Crystal (ASKER)

Thanks guys for the reply,
but I need to install it on nginx. How can I do that?
Mr. David,
do you mean that I can't install my SSL on this ERP?
Thanks
You'll refer to your NGINX docs for setup.

Also, setup will vary depending on if you're running NGINX natively or with a backend like Apache... and whether or not you require securing NGINX or Apache or both.

My suggestion is if you're running a backend like Apache, get your backend working first without NGINX.

Tip: Contrary to popular myth, every layer of software that requests pass through creates a new layer of security problems + performance problems, so if you're using a backend like Apache, removing NGINX/Varnish/Squid can only make your setup more secure + faster.

The performance penalty is the worst. Better to correctly configure Apache caching, rather than bolting on NGINX/Varnish/Squid to attempt fixing a broken Apache config.

https://www.nginx.com/resources/library/complete-nginx-cookbook/ provides a good first resource for NGINX configuration.
No, it's nginx only.
The certificate is installed on the web server unless the ERP application is self-contained.
Do you already have the certificates? Or do you need to create one using OpenSSL?
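In nginx in the server section:

http {
    # ...
    server {
        listen 443 ssl;
        server_name your.server.name;
        # server (wildcard) certificate, followed by any intermediate certificates
        ssl_certificate /etc/nginx/Server_certificate.pem;
        # private key that belongs to the certificate above
        ssl_certificate_key /etc/nginx/Server_Key.pem;
        # trusted CA certificates, used to verify OCSP responses when stapling is enabled
        ssl_trusted_certificate /etc/ssl/certs/CA_CERTIFICATE.pem;

        # you may need headers added; please follow the erpnext manual on those
        # ...
    }
}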
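
Added example (not part of the original thread): a pre-deployment check that every server_name in the nginx config is actually covered by the wildcard certificate's subject alternative names, since "*" matches exactly one left-most label and not the bare domain or deeper subdomains. The config snippet and SAN list below are constructed sample input; in practice the SAN list would be copied from the certificate.

```python
import re

def covers(san: str, host: str) -> bool:
    """RFC 6125-style match: '*' stands for exactly one left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, rest = host.partition(".")
    # the wildcard needs a non-empty first label and an identical remainder
    return bool(head) and rest == san[2:]

def server_names(nginx_conf: str) -> list:
    """Collect every name listed in server_name directives."""
    names = []
    for m in re.finditer(r"^\s*server_name\s+([^;]+);", nginx_conf, re.M):
        names.extend(m.group(1).split())
    return names

def uncovered(nginx_conf: str, sans: list) -> list:
    """Names nginx will serve that no SAN in the certificate covers."""
    return [n for n in server_names(nginx_conf)
            if not any(covers(s, n) for s in sans)]

# Constructed sample input (assumed names, not from the thread)
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name erp.example.com example.com staging.erp.example.com;
}
"""
SAMPLE_SANS = ["*.example.com"]

if __name__ == "__main__":
    for name in uncovered(SAMPLE_CONF, SAMPLE_SANS):
        print("not covered by certificate:", name)
```

Any name it reports would produce a browser hostname-mismatch error even though nginx loads the certificate without complaint.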
