
Configuring Your SSL Certificate for NGINX

The TAXII server resides behind an NGINX proxy to handle incoming traffic. The NGINX proxy listens on an available port and proxies traffic to the TAXII server container. It also uses the same SSL certificates available for the Apache server for HTTPS traffic.

When you upgrade from 5.22 or later, the TQAdmin tool automatically moves your existing certificate to /etc/docker/nginx/ssl and concatenates the certificate authority (CA) to the certificate. The certificate is then used in the NGINX container at startup. If your environment does not have a CA certificate, NGINX uses /etc/pki/tls/certs/localhost.crt by default.

If you are upgrading to 5.23 or later from a version earlier than 5.22, use the following steps to configure your SSL certificate for use by NGINX:

  1. Place your certificate files in the host directory /etc/docker/nginx/ssl. They will be automatically accessible to the container at the same path (/etc/docker/nginx/ssl).
  2. Concatenate your domain certificate and the intermediate certificate into a single file. Ensure the domain certificate comes first, followed by the intermediate certificate.
    cat /etc/docker/nginx/ssl/yourdomain.crt /etc/docker/nginx/ssl/intermediate.crt > /etc/docker/nginx/ssl/yourdomain_combined.crt
  3. Use the resulting concatenated file for the ssl_certificate directive in your NGINX configuration.
  4. Configure SSL by adding certificate and private key details to /etc/docker/nginx/conf.d/ssl-cert-paths.conf.

    Example NGINX Configuration:

    [~]# cat /etc/docker/nginx/conf.d/ssl-cert-paths.conf
    ssl_certificate /etc/docker/nginx/ssl/yourdomain_combined.crt;
    ssl_certificate_key /etc/docker/nginx/ssl/yourdomain.key;
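
The shell functions below are an added example, not part of the ThreatQ documentation or tooling. They perform the concatenation from step 2 and check the result before NGINX loads it, including the case where a certificate file without a trailing newline leaves two PEM markers glued together on one line. The function names are hypothetical; the paths in the usage comment are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not ThreatQ tooling); function names are hypothetical.

# combine_chain DOMAIN_CRT INTERMEDIATE_CRT OUT
# Same result as the cat command in step 2, plus a newline when the domain
# certificate file lacks a trailing one, so PEM markers never share a line.
combine_chain() {
    { cat "$1"; [ -z "$(tail -c 1 "$1")" ] || echo; cat "$2"; } > "$3"
}

# first_cert FILE: print the base64 body of the first certificate in FILE.
first_cert() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { p = 1; next }
        /^-----END CERTIFICATE-----$/   { exit }
        p'
}

# check_bundle COMBINED DOMAIN_CRT: return 0 if COMBINED holds the domain
# certificate first and at least one more; else print the reason, return 1.
check_bundle() {
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "bundle contains a private key"; return 1
    fi
    # Every line mentioning CERTIFICATE must be exactly a BEGIN or END marker.
    if tr -d '\r' < "$1" | grep 'CERTIFICATE' | grep -qvx \
        -e '-----BEGIN CERTIFICATE-----' -e '-----END CERTIFICATE-----'; then
        echo "malformed PEM marker line"; return 1
    fi
    n=$(tr -d '\r' < "$1" | grep -cx -e '-----BEGIN CERTIFICATE-----' || true)
    if [ "$n" -lt 2 ]; then
        echo "expected domain + intermediate, found $n certificate(s)"; return 1
    fi
    if [ -z "$(first_cert "$2")" ] ||
       [ "$(first_cert "$1")" != "$(first_cert "$2")" ]; then
        echo "domain certificate is not first in the bundle"; return 1
    fi
}

# conf_cert_path CONF: print the file the ssl_certificate directive points to.
conf_cert_path() {
    awk '$1 == "ssl_certificate" { sub(/;$/, "", $2); print $2 }' "$1"
}

# Usage with the paths from the steps above:
#   cd /etc/docker/nginx/ssl
#   combine_chain yourdomain.crt intermediate.crt yourdomain_combined.crt
#   check_bundle yourdomain_combined.crt yourdomain.crt
#   conf_cert_path /etc/docker/nginx/conf.d/ssl-cert-paths.conf
```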