Configuring eHealth to use SSL with a Certificate Authority (CA) signed cert

Document ID : KB000048030
Last Modified Date : 14/02/2018
Show Technical Document Details


Quick steps on configuring eHealth to use SSL with a CA signed cert


In the examples below, the fully qualified domain name of the ehealth server is

  1. cd $NH_HOME/web/httpd/bin
  2. Generate the server private key:
    ./openssl genrsa -des3 -out 2048

    Pick a passphrase. Answer the questions.
  3. Generate the signing request:
    ./openssl req -new -key -out -config ./openssl.cnf

    Enter the passphrase entered in step 2.
    Answer the questions.


    The URL used address field in your browser to access the eHealth server web UI must be what you put under common name (CN). Otherwise you will receive a warning in the browser that the certificate does not amtch the site name.

  4. Send csr to Certificate Authority.
    You will get back a signed .crt file. and maybe an intermediary crt file. These need to be be in PEM format.

    Check the file to make sure it is plain text and has "-----BEGIN CERTIFICATE-----"
    and"-----END CERTIFICATE-----" statements. If not, it is not in PEM format.

  5. Place the received file(s) in the same directory as the private key.

    This should still be under $NH_HOME/web/httpd/bin

  6. To put the key/crt in place and enable ssl, cd to the directory that contains your private key, signed certificate and intermediate file if you have one and run:

    nhWebProtocol -mode https -port 443 -certificate -key
    -passphrase <passphrase from step 2> -hostname

    If you had an intermediate cert:

    nhWebProtocol -mode https -port 443 -certificate -key
    -passphrase <passphrase from step 2> -hostname
    -intermediate intermediateCertificate.crt