CloudShark uses nginx as a web server and listens to the external port 443 for HTTPS (TLS).
CloudShark ships with a self-signed certificate by default and allows
access over HTTPS. The default nginx configuration is located at
To use a different certificate keypair that you have generated upload
your certificate file to
/usr/cloudshark/etc/tls-certificate/cloudshark.crt and the private key
Then restart the system so ensure that CloudShark will use the new certificate and private key that you have generated and not the default self-signed certificate that ships by default.
Run the command
nginx -s reload to apply the new configuration.
If you are running a firewall you must allow the https service, which runs on port 443 over tcp, through the firewall. Visit our firewall configuration page for information on how to configure this for your OS.
Some certificates require that an intermediate certificate be installed
with the public certificate for the server. These certificates are
usually all bundled in the same ZIP archive that the Certificate
Authority (CA) provides after signing your CSR (certificate signing
request). The certificates must be stored in the
together, with the server certificate as the first entry, and then its
parent intermediate certificate, and then so on for as many intermediate
certificates as the CA has provided. The intermediate certificates, as a
convention, have file names identical to the certificate subject line.
You can learn the correct order by inspecting the certificate properties of the https site in most GUI web browsers. A final caveat: if the certificate delimiters share a single line, the format will invalidate the entire certificate chain and nginx will indicate an error:
SSL PEM routines:PEM_read_bio:bad end line error
If this occurs, no harm is done - simply adjust the formatting of your
cloudshark.crt file contents until it is valid.
Note that some certificate authorities provide binary style certificates in DER format. You can convert these to ASCII format (PEM) with the following command:
openssl x509 -in binary_certificate.crt -inform der -outform pem -out ascii_certificate.crt
Sometimes a key file has a passphrase, so that a human must interactively decrypt the contents right before access.
Please note that CloudShark will not start properly with this
configuration. You must remove any passphrases in the key file to allow
CloudShark to start automatically. For example, if a key file named
cloudshark.key.passphrase contains a passphrase, to remove the
passphrase out of the key and save it in a new file called
openssl rsa -in cloudshark.key.passphrase -out cloudshark.key
After you have updated the configuration file, you must restart CloudShark for the new changes to take effect.
Remember to make a backup of your public certificate and private key files that are not saved on the same system!