Personal certificate for user interface (UI)

1. URI of user interface should differ from URI of agents’ interface. For example, if agent interface is registered to staffcop.local server address, then UI interface should be registered to another address, for example admin-staffcop.local or ui.staffcop.local.

Note

IP address where these servers are registered can be the same.

2. You should have a private key and certificate matching the name where user interface is hosted. The key and certificate should be copied to the following server folder /var/lib/staffcop/CA

3. Make a copy /etc/nginx/sites-available/ssl.staffcop

cp /etc/nginx/sites-available/ssl.staffcop /etc/nginx/sites-available/ssl.staffcopui

Edit a file /etc/nginx/sites-available/ssl.staffcopui

Fill in server_name field with URI value for user interface (UI).

Fill in ssl_certificate field with the path to ssl certificate for UI.

Fill in ssl_certificate_key field with the path to ssl private key for UI.

Delete or make a comment to ssl_client_certificate field.

Fill in ssl_verify_depth 1 filed.

Fill in ssl_verify_client off field.

There is an option to keep separate logs for UI and agents. Names of UI log files can be set in access_log and error_log fields.

4. Create a symbolic link to new configuration

ln –s /etc/nginx/sites-available/ssl.staffcopui /etc/nginx/sites-enabled

5. Restart nginx

systemctl restart nginx