How to configure OpenSSL on erpnext

Hello guys,

Is there clear documentation (steps) on how to configure OpenSSL with erpnext?

thank you.

Check above-mentioned link for your solutions

Thank you for your response.

I wanted to implement it with self-generated certs using openssl (2nd option on the link you provided). I have already gone through it and it seems not to be well described.

I have used the nginx documentation to install SSL and it seems to work on localhost.

Then I tried redirecting to port 8000 (erpnext) and erpnext didn’t recognize the SSL.

I configured it in site_config.json as well and gave the cert location.

Tried installing pyopenssl using pip2 as well.

No expected output.

If you guys can help then?

Hi,

Using Bench Command
Just run:

sudo -H bench setup lets-encrypt [site-name]

For custom domain:
sudo -H bench setup lets-encrypt [site-name] --custom-domain [custom-domain]

Sorry, it did not do anything.

We do not have a public domain.
I have configured
/etc/hosts
192.168.1.2 www.test.com
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

What is required is to have

https://192.168.1.2:8000/

Also created the folder with the domain name similar to site name on erpnext

Any hints?
What do I have to do?


Hi,

For local development
If you’re developing a web app, it’s useful to run a local web server like Apache or Nginx, and access it via http://localhost:8000/ in your web browser. However, web browsers behave in subtly different ways on HTTP vs HTTPS pages. The main difference: On an HTTPS page, any requests to load JavaScript from an HTTP URL will be blocked. So if you’re developing locally using HTTP, you might add a script tag that works fine on your development machine, but breaks when you deploy to your HTTPS production site. To catch this kind of problem, it’s useful to set up HTTPS on your local web server. However, you don’t want to see certificate warnings all the time. How do you get the green lock locally?

The best option: Generate your own certificate, either self-signed or signed by a local root, and trust it in your operating system’s trust store. Then use that certificate in your local web server.
Fortunately, modern browsers consider http://127.0.0.1:8000/ to be a “potentially trustworthy” URL because it refers to a loopback address. Traffic sent to 127.0.0.1 is guaranteed not to leave your machine, and so is considered automatically secure against network interception. That means if your web app is HTTPS, and you offer a native app web service on 127.0.0.1, the two can happily communicate via XHR. Unfortunately, localhost doesn’t yet get the same treatment. Also, WebSockets don’t get this treatment for either name.

I used nginx and it’s working with http as required.

And without SSL, all the POSTs will be visible to someone who is on the same network, and don’t see it as a “potentially trustworthy” URL.

It would be best to see a detailed step-by-step implementation of self-signed certs on erpnext.
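
The setup asked for above, as an added example that is not part of any post in this thread and is not ERPNext's or bench's own tooling: a self-signed certificate whose subjectAltName covers both the LAN address and the hosts-file name, with nginx terminating TLS and passing plain HTTP to ERPNext. Assumptions: the address and name come from the /etc/hosts entry in the thread, ERPNext is taken to answer plain HTTP on 127.0.0.1:8000, and the function names, file names and directories (`./tls`, `/etc/nginx/tls`) are hypothetical.

```shell
# Added example; the values below are assumptions taken from the thread.
HOST_IP="192.168.1.2"        # address from the thread's /etc/hosts
HOST_NAME="www.test.com"     # name from the thread's /etc/hosts
BACKEND="127.0.0.1:8000"     # assumed: ERPNext serves plain HTTP here
OUT_DIR="${OUT_DIR:-./tls}"  # hypothetical output directory

# Build the subjectAltName value. Browsers ignore the CN, and an IP address
# is only matched by an "IP:" entry, never by a "DNS:" one.
san_list() {
    san=""
    for name in "$@"; do
        case "$name" in
            *:*)        kind=IP ;;   # IPv6 literal
            *[!0-9.]*)  kind=DNS ;;  # contains something other than digits/dots
            *)          kind=IP ;;   # dotted IPv4
        esac
        san="${san:+$san,}$kind:$name"
    done
    printf '%s\n' "$san"
}

# Create key and certificate (-addext needs OpenSSL 1.1.1 or newer).
make_cert() {
    mkdir -p "$OUT_DIR"
    ( umask 077  # private key readable by its owner only
      openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 -subj "/CN=$HOST_NAME" \
        -addext "subjectAltName=$(san_list "$HOST_IP" "$HOST_NAME")" \
        -keyout "$OUT_DIR/erpnext.key" -out "$OUT_DIR/erpnext.crt" )
}
# Print an nginx server block: TLS on 443, plain HTTP to the backend ($1 = cert directory).
nginx_block() {
    cat <<EOF
server {
    listen 443 ssl;
    server_name $HOST_NAME $HOST_IP;
    ssl_certificate     $1/erpnext.crt;
    ssl_certificate_key $1/erpnext.key;
    location / {
        proxy_pass http://$BACKEND;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}
if [ "${1:-}" = "run" ]; then
    make_cert && openssl x509 -in "$OUT_DIR/erpnext.crt" -noout -ext subjectAltName
    nginx_block /etc/nginx/tls   # hypothetical install path for the two files
fi
```

Run it with the argument `run`, copy the two files to the directory named in the server block, and import `erpnext.crt` into each client's trust store. Clients then open https://192.168.1.2/ on port 443 rather than port 8000, which stays plain HTTP behind nginx.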