Configure Secure communication on RHEL as Local Repo Server


Article ID: 393676


Products

Endpoint Protection

Issue/Introduction

A Linux server is configured as a local offline repository server for installing the Symantec Endpoint Protection (SEP) Linux Agent.
You need to enable HTTPS (port 443) communication on Nginx.

Environment

  • RHEL 7/8/9
  • Nginx Server 
  • SEP 14.3 RU3 and Later

Resolution

A third-party CA-signed certificate is required to configure secure communication.
Note: Self-signed certificates are not accepted.

1) Generate your CSR
See: Creating Certificate Signing Requests

2) Get your CSR signed by a CA
See: List of Trusted Certifying Authorities

3) Once you have the CA-signed certificate, copy the certificate and key to the paths below on the RHEL offline repo server

/etc/pki/nginx/server.crt
/etc/pki/nginx/private/server.key
/etc/ssl/certs/dhparam.pem

4) Back up the /etc/nginx/nginx.conf file

5) Edit the nginx.conf file (vi /etc/nginx/nginx.conf)
- Replace the current port 80 configuration under server { with the configuration below

 server {
        listen       443 ssl;
        listen       [::]:443 ssl;
        server_name  YOUR-SERVER-NAME;
        root         /var/www/html/repos;

        ssl_certificate /etc/pki/nginx/server.crt;
        ssl_certificate_key /etc/pki/nginx/private/server.key;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        index index.php index.html index.htm;
        autoindex on; #enable listing of directory index
        }

        error_page 404 /404.html;
            location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }


6) Save and exit the nginx.conf file

7) Verify the nginx.conf configuration by running the following command:
nginx -t
- Once the test reports success, stop and start the nginx service

8) Restart the nginx service and check its status:
systemctl stop nginx
systemctl start nginx
systemctl status nginx

9) Test the HTTPS connection by running the following command from a remote Linux server:
wget https://YOUR-LOCAL-REPO-IP//sep_linux/14.3RU9/latest.txt
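
The files copied in step 3 can be checked against each other before nginx -t in step 7. The script below is an added example, not part of the original article: the function names and the 30-day expiry window are assumptions, and it requires the openssl CLI and GNU stat.

```shell
#!/bin/sh
# Added example: pre-flight checks for the TLS files named in nginx.conf.
# Default paths are the ones from step 3; override them via the environment.
CERT="${CERT:-/etc/pki/nginx/server.crt}"
KEY="${KEY:-/etc/pki/nginx/private/server.key}"
DHPARAM="${DHPARAM:-/etc/ssl/certs/dhparam.pem}"

# Succeeds when subject and issuer are the same name (self-signed).
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$s" = "$i" ]
}

# Succeeds when the certificate and the private key share one public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds when the key file grants nothing to group or others.
key_is_private() {
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {
    rc=0
    for f in "$CERT" "$KEY" "$DHPARAM"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    if is_self_signed "$CERT"; then echo "FAIL: $CERT is self-signed"; rc=1; fi
    cert_matches_key "$CERT" "$KEY" || { echo "FAIL: key does not match $CERT"; rc=1; }
    key_is_private "$KEY" || { echo "FAIL: $KEY is accessible to group/others"; rc=1; }
    openssl dhparam -in "$DHPARAM" -noout 2>/dev/null ||
        { echo "FAIL: $DHPARAM is not a DH parameter file"; rc=1; }
    openssl x509 -in "$CERT" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: $CERT expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: TLS files are consistent"
    return "$rc"
}

# Run the checks only when asked to, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as root with --run on the repo server; a FAIL line names the file to fix before restarting nginx.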

Additional Information