Help Search

Manual HTTPS configuration on Debian with user provided certificates

Passbolt debian package currently supports the configuration of nginx. It comes with a default configuration that supports:

  • Serve passbolt on port 80 (http)
  • Serve passbolt on port 443 (https)

On this context ‘manually’ means that the user will provide the SSL certificates, this is the main difference with the ‘auto’ method where Let’s Encrypt will issue the SSL certificate for you.

This manual method is often useful on private network installations with private CA where the system admin issues a new private SSL certificate and uploads it to the passbolt server. It is also a method often used with self-signed SSL certificates for test installations.

On this example we will assume the user is generating a self-signed certificate on the passbolt server.

Generate the SSL certificate

While connected to your passbolt instance you can generate a SSL certificate in the following way:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

This command will output two files the ‘key.pem’ and the ‘cert.pem’ identify the absolute path where these files are located.

Install or reconfigure passbolt

If you don’t have passbolt installed please check on the hosting section for more information on how to install passbolt on debian.

If you have already installed passbolt or you are using our already packaged virtual machine or Digital Ocean image then you want to execute the following command to start the configuration process for SSL:

sudo dpkg-reconfigure passbolt-ce-server

If you are reconfiguring passbolt you most likely want to say ‘NO’ to the mariadb setup question and go for the nginx setup

You should select yes for the nginx setup:

Nginx configuration message fig. Nginx configuration message

Choose ‘manual’ for the SSL setup method:

SSL method selection fig. SSL method selection

Provide the domain name you plan to use for your passbolt server. On this example and as we are using a self-signed certificate the domain name is not as important as if you are planning to use a proper SSL certificate. In the later escenario DNS domain name and SSL domain name must match.

Domain for nginx setup fig. Domain for nginx setup

Provide the full path of the SSL certificate you created on previous steps (‘cert.pem’)

SSL certificate path fig. SSL certificate path

Now provide the full path of the SSL key (‘key.pem’)

SSL private key path fig. SSL private key path

And that’s it you should be able to reach your server on the domain you specified. Keep in mind that you might need to add DNS records to reach your domain on your local network or in a public DNS provider.

Success message fig. Success message

Last updated

This article was last updated on September 20th, 2020.

Are you experiencing issues when installing passbolt?

Ask the community!

{ include layout/row_end.html %}

🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!