How to renew the self-signed certificate of StackStorm?


(jeff) #1

Hi there,

My StackStorm instance was installed last year and the certificate is expired now.
Is there any document or guidance for the certificate renewal?

Thanks.


(Lindsay Hill) #2

The certificate setup is just a standard SSL setup. Key is at /etc/ssl/st2/st2.key, Certificate at /etc/ssl/st2/st2.crt.

You can follow the standard OpenSSL commands for generating a new certificate. E.g. see here

You can also look at the ST2 install docs. Check this section to see how NGINX + SSL is originally set up.

See this line:

sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt \
-days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information \
Technology/CN=$(hostname)"

Adjust as required for your environment.

I recommend using a proper signed certificate though. Either signed by a proper authority, or use Let's Encrypt (it's free!), or your own internal CA.
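The renewal described in this reply, as an added example that is not part of the original post or the StackStorm docs: it checks expiry with `openssl x509 -checkend`, regenerates the pair with the same `openssl req` options, confirms key and certificate match, and only then replaces the old files. The function names, the shortened subject, the `st2.example.test` host name and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; on a StackStorm host the key and
# certificate paths would be /etc/ssl/st2/st2.key and /etc/ssl/st2/st2.crt.

# Succeeds if the certificate is missing, expired, or expires within $2 seconds.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Succeeds only if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Generate a new pair next to the target, verify it, then rename it into place.
renew_self_signed() {   # args: key cert common_name days
    tmp=$(mktemp -d "$(dirname "$1")/renew.XXXXXX") || return 1
    ( umask 077      # the unencrypted key (-nodes) must never be group/world readable
      openssl req -x509 -newkey rsa:2048 -nodes -days "$4" \
          -subj "/O=StackStorm/CN=$3" \
          -keyout "$tmp/key" -out "$tmp/crt" >/dev/null 2>&1 ) &&
    key_matches_cert "$tmp/key" "$tmp/crt" &&
    chmod 644 "$tmp/crt" &&
    mv "$tmp/key" "$1" && mv "$tmp/crt" "$2"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Renew only when needed; prints "renewed" or "ok".
renew_if_needed() {     # args: key cert common_name days threshold_seconds
    if cert_expires_within "$2" "$5" || ! key_matches_cert "$1" "$2"; then
        renew_self_signed "$1" "$2" "$3" "$4" && echo renewed
    else
        echo ok
    fi
}

# Demo on constructed files in a scratch directory, not the live pair.
d=$(mktemp -d)
renew_self_signed "$d/st2.key" "$d/st2.crt" st2.example.test 1    # stand-in old cert
renew_if_needed "$d/st2.key" "$d/st2.crt" st2.example.test 365 2592000  # 30 days
rm -rf "$d"
```

After a real renewal NGINX has to re-read the files, for example with `sudo nginx -t && sudo systemctl reload nginx` (assuming a systemd-managed NGINX), and any client that trusted the old self-signed certificate has to be given the new one.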


(jeff) #3

@lhill Thanks a lot for your detailed reply!