This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Using own certificates in RPM install #611

Closed
JonathonReinhart opened this issue Dec 3, 2015 · 4 comments

@JonathonReinhart

I have certificates/keys I want to use for my Portus RPM installation. I run portusctl setup and it generates its own keys, printing this message:

Generating private key and certificate"
************************************************************************
If you want to use your own private key and certificates, upload them to
 * /etc/apache2/ssl.key/portus.example.com-ca.key"
 * /etc/apache2/ssl.crt/portus.example.com-ca.crt"
 * /etc/apache2/ssl.crt/portus.example.com-ca.crt"
and then re-run this script"
************************************************************************

Issues:

  1. The formatting is off; there are trailing quotes on almost every line above.
  2. The .crt line is duplicated.
  3. I'm assuming -ca.crt / -ca.key are for the auto-generated self-signed CA, and -server.crt / -server.key is for the actual HTTPS certificate. That's fine, but why would I upload a certificate/key for my HTTPS server, and call it -ca? This is confusing from a UX perspective.

I can't find the procedure for installing my own keys anywhere in the documentation.

Also, in my test setup (which I'm trying to migrate to production) I have the following symlink:

/srv/Portus/config/server.key -> /etc/apache2/ssl.key/portus.example.com-ca.key

I can't remember why I created this. Is /srv/Portus/config/server.key necessary? Edit: I see that config/secrets.yml references this file for encryption_private_key_path:

@JonathonReinhart
Author

I've got this working using the following setup:

After running the initial portusctl setup, edit /etc/apache2/vhosts.d/portus.conf to get rid of -ca, and point the key at its normal place:

   SSLCertificateFile /etc/apache2/ssl.crt/portus.example.com.crt
   SSLCertificateKeyFile /etc/apache2/ssl.key/portus.example.com.key

Then fix the /srv/Portus/config/server.key symlink to point to /etc/apache2/ssl.key/portus.example.com.key

It would be a UX improvement to allow this to happen automatically when running portusctl setup.
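
A consistency check for the setup described in the comment above, as an added example that is not part of the original thread or of Portus. The function names are hypothetical, and it assumes GNU `readlink` and `stat`; it confirms that the vhost no longer references the generated `-ca` files, that `config/server.key` resolves to the key Apache serves, and that the key is not accessible to other users.

```bash
#!/bin/sh
# Added example (not Portus code); function names are hypothetical.
# Assumes GNU coreutils (readlink -f, stat -c).

# Print the value of the first occurrence of an Apache directive in a vhost file.
vhost_directive() {   # $1 = directive name, $2 = vhost file
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# check_portus_tls VHOST_CONF SERVER_KEY_LINK
# Returns 0 if the vhost and Portus agree on one private key, 1 otherwise.
check_portus_tls() {
    vhost=$1; link=$2; rc=0
    cert=$(vhost_directive SSLCertificateFile "$vhost")
    key=$(vhost_directive SSLCertificateKeyFile "$vhost")
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: certificate or key directive missing in $vhost"
        return 1
    fi
    for f in "$cert" "$key"; do
        [ -f "$f" ] || { echo "FAIL: $f does not exist"; rc=1; }
        # The fix in the thread drops the generated "-ca" names from the vhost.
        case "${f##*/}" in
            *-ca.*) echo "FAIL: vhost still references ${f##*/}"; rc=1 ;;
        esac
    done
    # config/server.key must resolve to the same key Apache serves.
    if [ "$(readlink -f "$link")" != "$(readlink -f "$key")" ]; then
        echo "FAIL: $link does not resolve to $key"
        rc=1
    fi
    # The private key should not be accessible to "other" users.
    if [ -f "$key" ]; then
        mode=$(stat -c '%a' "$key")
        case "$mode" in
            *0) ;;
            *) echo "FAIL: $key has mode $mode (accessible to others)"; rc=1 ;;
        esac
    fi
    [ "$rc" -eq 0 ] && echo "OK: vhost and $link use $key"
    return "$rc"
}

# Usage: sh check.sh /etc/apache2/vhosts.d/portus.conf /srv/Portus/config/server.key
if [ "$#" -eq 2 ]; then check_portus_tls "$1" "$2"; fi
```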

@mssola
Collaborator

mssola commented Dec 4, 2015

Wow, thanks @JonathonReinhart a lot for your comments. I agree 100% with what you said.

@adidragomir

Other confusing messages are:

  1. The first line after I run portusctl setup: "ssl" already present - because I had set up a Docker implementation using self-signed certificates, I thought Portus had detected my self-signed certificates!
  2. Some very confusing indications about the registry configuration file when portusctl was finished: what is the meaning of the following names?
  • DISTRIBUTION HOST CERTIFICATE.crt
  • DISTRIBUTION HOST KEY.key
  • DISTRIBUTION HOSTNAME
  • portus.crt: I did not find any file with this name on the Portus host. Should we keep this name in the configuration file and rename the Portus host certificate file, for example myportushost.com-ca.crt to portus.crt?

@mssola mssola added this to the Provisioning & General Usage milestone Feb 22, 2016
@mssola mssola removed this from the Provisioning & General Usage milestone Aug 2, 2017
@mssola
Collaborator

mssola commented Oct 20, 2017

Closing in favor of #1464.
