Overview

Skill Level: Any Skill Level

Use this recipe to create your certificate signing request (CSR) and then to install your SSL certificate.

Ingredients

These instructions assume that you already own your IBM Bluemix account, and that you have configured the custom domain for your application. For more information, visit IBM Cloud Bluemix.

Step-by-step

  1. IBM Bluemix: Creating Your CSR with OpenSSL

    Use OpenSSL to build your own shell commands for generating your IBM Bluemix CSR.

    How to Generate a CSR for IBM Bluemix Using OpenSSL

    1. Use your terminal client (ssh) to log into your server/workstation.
    2. At the prompt, enter the following command:
      openssl req ‚Äďnew ‚Äďnewkey rsa:2048 ‚Äďnodes ‚Äďkeyout¬†server.key ‚Äďout¬†server.csr
      Note: Make sure to replace server with the name of your server/workstation.
    3. You have now started the process for generating the following two files:
      • Private-Key File: For the decryption of your SSL certificate
      • CSR File: For ordering your SSL certificate
    4. When prompted for the Common Name (domain name), type the fully qualified domain (FQDN) for the site that you are going to secure.
    5. When prompted, type your organizational information, beginning with your geographic information.
      Note: You may have already set up default information.
    6. Open the .csr file that you created with a text editor.
    7. Copy the text, including the¬†—–BEGIN NEW CERTIFICATE REQUEST—–¬†and¬†—–END NEW CERTIFICATE REQUEST—–¬†tags, and paste it into the DigiCert order form.
    8. Save (back up) the generated .key file. You need it later when installing your SSL certificate.
    9. After you receive your SSL certificate from DigiCert, you can install it.
       
  2. IBM Bluemix: Using the OpenSSL & Bluemix Console to Install Your SSL Certificate

    If you have not yet created a certificate signing request (CSR) and ordered your certificate, see Step 1.

    After receiving your SSL certificate, you need to copy it to your server/workstation, upload it to your IBM Bluemix account, and then configure your application to use it.

    I. Copy the SSL Certificate File to Your Server/Workstation

    1. Download your Intermediate (DigiCertCA.crt) and Primary Certificate (your_domain_name.crt) files from your DigiCert account, then copy them to the directory on your server/workstation where you will keep your certificate and key files. Make them readable by root only.
    2. Once you have the private key and certificate files, you can upload them to your IBM Bluemix account and configure your application to use it.

    II. Upload the SSL Certificate to Your IBM Bluemix Account

    1. In a browser, open and log into the IBM Bluemix account.
    2. On the Dashboard select the application you want the SSL certificate to secure.
      bluemix-openssl-install-certificate-1
    3. On the app Overview page, next to View app, click the down arrow and select Manage domains.
      bluemix-openssl-install-certificate-2
    4. On the Manage Organizations page, on the Domains tab, to the right of the application in the SSL Certificate column, click the upload symbol.
      bluemix-openssl-install-certificate-3
    5. In the Upload Certificate window, do the following:
      • Certificate:
        Click Browse. Then locate and select your server certificate .crt file (e.g., star_digicert_support.crt).
      • Private Key:
        Click Browse. Then locate and select your private key .key file (e.g., star_digicert_support.key).
      • Intermediate Certificate:
        Click Browse. Then locate and select the intermediate certificate .crt file (e.g., DigiCertCA.crt).
        bluemix-openssl-install-certificate-4
    6. When you are finished, click Upload.

     III. Congfigure Your Application to Use the SSL Certificate

    1. Within the Manage Organizations section, on the Add Domain page, to the right of the application in the SSL Certificate column, you should see a green certificate symbol.
      Note: After you upload your certificate, it may take some time to propagate the certificate chain to the apps.
      bluemix-openssl-install-certificate-5
    2. Click the green certificate symbol to view the uploaded certificate.
      bluemix-openssl-install-certificate-6
    3. To verify that your application is using your SSL certificate, do the following:
      a. Navigate to the application Dashboard.
      bluemix-openssl-install-certificate-7
      b. On the Dashboard select the application that you secured with the SSL certificate.
      bluemix-openssl-install-certificate-8
      c. On the app Overview page, next to View app, click the down arrow and select Edit routes.
      bluemix-openssl-install-certificate-9
      d. In the Edit routes window, to the right of the application you just secured, click the green lock to verify that the route has been secured.
      bluemix-openssl-install-certificate-10
    4. As a final check, open your application in a browser and in the address bar. Click on the green lock to the left of the URL and then, view the certificate details.
      Note: After you upload your certificate, it may take some time to propagate the certificate chain to the apps.
      bluemix-openssl-install-certificate-11
    5. Congratulations! You have successfully installed your application’s SSL certificate.

     

Join The Discussion