Adding SSL to genieACS

Hello all
I’m using GenieACS v1.2.8 and trying to add SSL to it according to this manual
GenieACS SSL
but it seems this wiki page is outdated, since there is no config file in v1.2 and higher. The question is: where should I store the .cert and .key files, and where do I add e.g. the CWMP_SSL entry?

Thanks in advance.

1 Like

This should probably go in the wiki

1 Like

Thank you so much for the prompt response.
These are only guidelines for making HTTPS on GenieACS UI, not between GenieACS and CPE.
What we want is HTTPS between CPE and ACS.
Thanks~~

Exchange the variable/env names and you have HTTPS for CWMP/FS and NBI

1 Like

Hi Jonas,
Would you describe more clearly?

Have a look at this: Environment Variables — GenieACS Documentation 1.2.8 documentation
These are the ENVs you need.
GENIEACS_CWMP_SSL_CERT
GENIEACS_CWMP_SSL_KEY
GENIEACS_NBI_SSL_KEY
GENIEACS_NBI_LOG_FILE
GENIEACS_FS_SSL_CERT
GENIEACS_FS_SSL_KEY

These work like the variable described here:
GENIEACS_UI_SSL_CERT=/etc/letsencrypt/live/MyDomainExample.com/fullchain.pem
GENIEACS_UI_SSL_KEY=/etc/letsencrypt/live/MyDomainExample.com/privkey.pem
( 1.2.3 Let's encrypt https ui without Nginx or Apache2 )
It is also possible / recommended to use different domains for the different services. This allows splitting them when needed in the future.

Hi Jonas,
Thanks for your response.
I tried adding the 2 variables below to the genieacs.env file.
GENIEACS_CWMP_SSL_CERT=/opt/genieacs/ext/cwmp.crt
GENIEACS_CWMP_SSL_KEY=/opt/genieacs/ext/cwmp.key

And tried to connect the CPE with an HTTPS connection.
Unfortunately, it did not work.
FYI: it worked with GenieACS version 1.0.

Hello Jonas,
After changing the cert and key file, it worked. My bad!
Thanks for your support!!!

sudo chown genieacs /opt/genieacs/cwmp.crt
sudo chown genieacs /opt/genieacs/cwmp.key

Add the 2 lines below to the genieacs.env file:
GENIEACS_CWMP_SSL_CERT=/opt/genieacs/cwmp.crt
GENIEACS_CWMP_SSL_KEY=/opt/genieacs/cwmp.key

1 Like
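
The steps in the last post (chown the certificate and key, then set GENIEACS_CWMP_SSL_CERT and GENIEACS_CWMP_SSL_KEY) can be checked before restarting the service. The script below is an added example, not part of the thread or of GenieACS; the function names, the return codes, and the requirement that the key be mode 600 and owned by the service user are assumptions of this example, and values in the env file are assumed to be unquoted.

```shell
#!/bin/sh
# Added example, not from the thread. Pre-flight check for one GenieACS service.
# Usage: check_genieacs_tls ENV_FILE SERVICE [USER]
#   e.g. check_genieacs_tls /opt/genieacs/genieacs.env CWMP genieacs
# Returns 0 ok, 1 variable unset, 2 file unreadable, 3 key has wrong owner,
#         4 key readable by group/others, 5 certificate and key do not match.

# Print the value of variable $2 from KEY=VALUE file $1 (last assignment wins).
# Assumes plain unquoted values, as in the lines posted in the thread.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

check_genieacs_tls() {
    env_file=$1 svc=$2 user=${3:-genieacs}
    cert=$(env_value "$env_file" "GENIEACS_${svc}_SSL_CERT")
    key=$(env_value "$env_file" "GENIEACS_${svc}_SSL_KEY")

    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "$svc: SSL_CERT or SSL_KEY is not set in $env_file" >&2; return 1
    fi
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "$svc: cannot read $cert or $key" >&2; return 2
    fi

    # -L follows symlinks such as /etc/letsencrypt/live/...; field 3 is the owner.
    listing=$(ls -ldL "$key")
    if [ "$(echo "$listing" | awk '{print $3}')" != "$user" ]; then
        echo "$svc: $key is not owned by $user" >&2; return 3
    fi
    # Characters 5-10 of the mode string are the group and other permission bits.
    if [ "$(echo "$listing" | cut -c5-10)" != "------" ]; then
        echo "$svc: $key is accessible to group/others (chmod 600)" >&2; return 4
    fi

    if ! command -v openssl >/dev/null 2>&1; then
        echo "$svc: openssl not found, certificate/key match not checked" >&2; return 0
    fi
    # Compare the public key in the (first) certificate with the one derived
    # from the private key; TLS cannot work with a mismatched pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$svc: certificate and private key do not match" >&2; return 5
    fi
    echo "$svc: certificate and key look consistent"
}
```

Run it as root or as the service user, since the readability test applies to whoever runs the script; the same call works for NBI, FS and UI by changing the second argument.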