Chris Mendez in DevOps, For Developers, Openshift

How to create an SSL certificate on Openshift for GoDaddy

Openshift makes it really easy to install both SSL and use a custom domain. The first step is to upgrade your Openshift to Bronze so that you can gain access to the SSL form feature.

Setup

The first thing you'll want to do is ensure that you've installed Red Hat's command-line tool using these instructions.

Logging into your Openshift app

  1. SSH into Openshift app

    Use this rhc command to log into your app.

    rhc ssh -a <app name> --namespace <namespace>

    Note

    Your --namespace is usually the name right after you create your app. For example: http://appname-namespace.rhcloud.com

  2. Change directory

    cd ~/app-root/data

  3. If you'd like to understand more about the Openshift file structure, here is an excellent diagram.

Openshift File

Create an SSL certificate for Godaddy.

Before you generate a CSR, you need to first generate a private key. This private key will be installed on the server together with the issued certificate. A private key should never be shared with anyone and should be protected by a passphrase. There are two ways to generate the CSR and private key.

  1. The following command will generate a 2048 bit RSA Private Key and stores it in the file appName.key.

    openssl genrsa -des3 -out myApp.key 2048

  2. After you have generated the private key, use the following command to generate the CSR.

    openssl req -new -key myApp.key -out myApp.csr

  3. If you don’t care about protecting your private key with a passphrase, you can just use the simpler command to generate both the key file and the CSR.

    openssl req -nodes -newkey rsa:2048 -keyout myApp.key -out myApp.csr

    However, if you use the simpler command, your private key won’t be encrypted. To prevent your private key from getting abused, you should always use a passphrase to “lock it”.

  4. You will be prompted to enter the some of the following information in order to generate the private key and CSR pair off the web server

    • Country Name (2 letter code) [XX]: COUNTRY
    • State or Province Name (full name) []: STATE INITIALS
    • Locality Name (eg, city) [Default City]: CITY NAME
    • Organization Name (eg, company) [Default Company Ltd]: YOUR COMPANY NAME
    • Organizational Unit Name (eg, section) []: I SKIP THIS
    • Common Name (eg, your name or your server's hostname) []: www.domain.com
    • Email Address []: youremail@domainname.com
  5. Once the private key and CSR files are generated, you can use the following command to display the content of myApp.csr file. Copy the entire block, including the BEGIN and END lines and paste it into where the CSR is requested on the website where you purchased the SSL.

    nano myApp.csr

  6. Download your private key file and save it as myApp.key on your computer. Later, you will need to add this key file together with the SSL certificate for your domain to your application.

    nano myApp.key

Resources

Helpful Openshift SSH Commands