Creating SSL certificates
HTTPS is a protocol that encrypts and authenticates communication between a web browser and a web server.
Obtaining an SSL certificate
An SSL certificate is a digital document that confirms the identity of a website or server and enables an encrypted connection between the browser and server. To obtain an SSL certificate, you must submit an application to a certification authority (CA), which issues and verifies the certificate. The CA verifies that you are the rightful owner of the domain for which you are requesting the certificate and then issues you a certificate that you can install on your server. Some CAs offer free SSL certificates, while others charge a fee.
No certificate from a certification authority is required for internal use of OPC Router 5; a self-signed certificate is sufficient.
Creating a self-signed SSL certificate
We recommend that you contact your network administrator to obtain an SSL certificate with a private key. The certificate generated here enables an encrypted connection, but cannot be used to verify the authenticity of the website.
You can easily create an SSL certificate yourself using the alpine/openssl containers.
If you are using a Linux distribution and already have OpenSSL installed on your system, you can also use OpenSSL directly and do not need to use the alpine/openssl container with the steps described here.
docker run -it --name openssl alpine/openssl:3.1.4 req -newkey rsa:2048 -nodes -keyout https.key -x509 -days 365 -out https.pem
This command creates a container named openssl from the alpine/openssl image. The argument combination -it opens the container's OpenSSL prompt in the terminal where the configured command req is executed, which triggers the creation of an SSH certificate with a private key.
When executing the command, you will be asked for some information that will be included in the certificate. After you have entered all the information, the certificate and key are generated and the container console is automatically closed.
The certificate (here https.pem) and the private key (here https.key) are now located at the root level in the container. You can use these two commands to copy them from the container to your local system (to the folder where you are running your terminal):
docker cp openssl:/https.pem ./https.pem
docker cp openssl:/https.key ./https.key
We can now remove the container with the command docker rm openssl.
Certificates in OPC Router
To learn how to import this new certificate into OPC Router, please refer to the following article.