- The XOA main configuration file can be found in /etc/xoserver/config.toml
- The default location for the certificates is /etc/ssl
- The default self signed certificate and key are called cert.pem and
key.pem
- If there is no certificate or self signed certificate has expired a new one will be created
- Generate your certificate request with openssl directly on
the server.
Example:
sudo openssl req -newkey rsa:2048 -keyout /etc/ssl/pkey.key -out /etc/ssl/csr.csr
- Follow the steps of the prompt.
- Be sure you keep the pass phrase in a safe place, you will need it.
- Once the CSR is generated you can provide it to your certificate provider to generate your certificate.
- Be sure to ask for .pem certificate or you will need to convert them through openssl.
- Once you are provided with the cert and key file you should place them in /etc/ssl
- In config .toml change the cert and key files name to point to the new ones.
- Use systemctl restart xo-server to restart the web server for the new files to be taken into account.
More documentation about xo-server configuration here: https://docs.xen-orchestra.com/configuration#https-and-certificates