Preparing files for SSL
If you are using SSL you will have at one point generated a certificate and private key file using the Alpha web server. Alpha's configuration is a little bit different than the norm and there are some modifications you will need to do in order to prepare your SSL-related files for use with the load balancer.
We suggest that you make a new folder to store your SSL-related files for the load balancer.
In the process of preparing certificate and key files for your load balancer do not destroy any existing files; keep these intact in case you need to re-use them.
Here are the two things that are different about the Load Balancer SSL-files compared to Alpha:
- The load balancer only has one certificate file and one private key file (Alpha may or may not have an "intermediate" certificate file.)
- The load balancer's private key file is non-encrypted (Alpha's is encrypted.)
Because of this you need to:
- Copy your existing certificate and private key file to a new folder, we suggest c:\aa\alphalb\ssl.
- Configure the alphalb.toml file to point to these new certificate and private key files.
- If your Alpha SSL installation had a "intermediate" or sometimes called a "chain-file" certificate, copy-paste the text from that intermediate certificate into the main certificate, just stack it right under the existing text.
- You need to generate a non-encrypted private key file. Your options depend on if you know the passcode used to generate the private key in the first place.
- If you know the passcode - your options are to use the OpenSSL process noted below, or ask AlphaToGo to generate this file for you.
- If you do not know the passcode, you are then forced to go through a re-issue process with your SSL provider (normally free) and this time, retain your passcode and go back to step one above.
Using OpenSSL to generate the unencrypted private key
- You must know the "passcode" (password) used when creating your SSL Certificate key.
- Install openssl 64 bit on your machine (if not already present)
- Here is the download if needed: https://slproweb.com/download/Win64OpenSSL_Light-1_1_1a.exe
- If the above link fails, browse this page for the appropriate download: https://slproweb.com/products/Win32OpenSSL.html
- Open a DOS Command box and change the directory to the Openssl directory, typically "cd Program Files\OpenSSL-Win64\bin"
- Enter the passcode when requested.
- copy your key file to a subfolder, open a DOS box to that folder and run:
- openssl rsa -in inKey.key -out OutKey.key
- Example: openssl rsa -in c:/a5/ssl/myapp.key -out c:/a5/ssl/myapp_lb.key