Configuring eHealth to use SSL with a Certificate Authority (CA) signed cert

Document ID : KB000048030
Last Modified Date : 14/02/2018

Description:

Quick steps on configuring eHealth to use SSL with a CA signed cert

Solution:

In the examples below, the fully qualified domain name of the eHealth server is eHealthserver1.mydomain.com.

  1. cd $NH_HOME/web/httpd/bin
  2. Generate the server private key:
    ./openssl genrsa -des3 -out eHealthserver1.mydomain.com.key 2048

    Pick a passphrase. Answer the questions.
  3. Generate the signing request:
    ./openssl req -new -key eHealthserver1.mydomain.com.key -out eHealthserver1.mydomain.com.csr -config ./openssl.cnf

    Enter the passphrase entered in step 2.
    Answer the questions.

    ***Note***

    The host name in the URL you enter in your browser's address field to access the eHealth server web UI must be what you put under Common Name (CN). Otherwise you will receive a warning in the browser that the certificate does not match the site name.

  4. Send the .csr file to the Certificate Authority.
    You will get back a signed .crt file, and maybe an intermediate .crt file. These need to be in PEM format.

    Check each file to make sure it is plain text and has "-----BEGIN CERTIFICATE-----"
    and "-----END CERTIFICATE-----" statements. If not, it is not in PEM format.

  5. Place the received file(s) in the same directory as the private key.

    This should still be under $NH_HOME/web/httpd/bin

  6. To put the key/crt in place and enable ssl, cd to the directory that contains your private key, signed certificate and intermediate file if you have one and run:

    nhWebProtocol -mode https -port 443 -certificate eHealthserver1.mydomain.com.crt -key eHealthserver1.mydomain.com.key -passphrase <passphrase from step 2> -hostname eHealthserver1.mydomain.com

    If you had an intermediate cert:

    nhWebProtocol -mode https -port 443 -certificate eHealthserver1.mydomain.com.crt -key eHealthserver1.mydomain.com.key -passphrase <passphrase from step 2> -hostname eHealthserver1.mydomain.com -intermediate intermediateCertificate.crt
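
Before running nhWebProtocol in step 6, the files from steps 2 to 5 can be checked with a short script. The following is an added example, not part of the original article or the eHealth product: it confirms the PEM format from step 4, that the signed certificate belongs to the private key from step 2, and that the CN matches the host name. The function names and the OPENSSL and KEY_PASS variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the key and certificate files before step 6.
# Assumption: OPENSSL points at the binary to use (e.g. ./openssl in $NH_HOME/web/httpd/bin).
OPENSSL="${OPENSSL:-openssl}"

# Step 4 check: the file carries both PEM certificate markers.
is_pem() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -- '-----END CERTIFICATE-----' "$1"
}

# Print "Modulus=<hex>" for the RSA private key from step 2.
# Assumption: if the exported variable KEY_PASS is set it holds the passphrase;
# otherwise openssl prompts for it on the terminal.
key_modulus() {
    if [ -n "${KEY_PASS:-}" ]; then
        "$OPENSSL" rsa -in "$1" -noout -modulus -passin env:KEY_PASS
    else
        "$OPENSSL" rsa -in "$1" -noout -modulus
    fi
}

# The certificate belongs to the key only if both carry the same RSA modulus.
key_matches_cert() {
    key_mod=$(key_modulus "$1") || return 1
    crt_mod=$("$OPENSSL" x509 -in "$2" -noout -modulus) || return 1
    [ -n "$key_mod" ] && [ "$key_mod" = "$crt_mod" ]
}

# Compare the certificate's subject CN with the host name, ignoring case.
cn_matches() {
    cn=$("$OPENSSL" x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1 | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ "$cn" = "$want" ]
}

# preflight KEY CERT HOSTNAME [INTERMEDIATE]
preflight() {
    is_pem "$2" || { echo "FAIL: $2 is not a PEM certificate" >&2; return 1; }
    if [ -n "${4:-}" ]; then
        is_pem "$4" || { echo "FAIL: $4 is not a PEM certificate" >&2; return 1; }
    fi
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1" >&2; return 1; }
    cn_matches "$2" "$3" || { echo "FAIL: CN of $2 is not $3" >&2; return 1; }
    echo "OK: $2 is PEM, matches $1 and names $3"
}

if [ "$#" -ge 3 ]; then preflight "$@"; fi
```

Invoke it with the key file, the signed certificate, the host name and, optionally, the intermediate certificate as arguments; a FAIL line names the file to fix before step 6.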