Using Your Own SSL Certificate to Log In to JumpServer

Published November 7, 2024

Scenario Description

In a corporate environment, security is paramount. When employees need to access sensitive data through JumpServer, using your own SSL certificate can significantly enhance connection security, ensuring the confidentiality and integrity of data in transit. This approach gives users a secure remote access experience and helps maintain the company's network security standards.

Configuration Description

Configuring SSL Certificate for JumpServer

Obtain an SSL Certificate

You can either generate a self-signed SSL certificate for internal use or obtain one from a trusted Certificate Authority (CA).

Typically, you will need the following files:

  • Certificate file (e.g., cert.pem)

  • Private key file (e.g., key.pem)

  • CA certificate chain (optional, e.g., ca.pem)

Configure Certificate

Log in to the JumpServer host, switch to the certificate directory /opt/jumpserver/config/nginx/cert/, and move the certificate and private key files into it.

Here, for example, our certificates are jumpserver.crt and jumpserver.key.

root@jumpserver-v4:~# cd /opt/jumpserver/config/nginx/cert/
root@jumpserver-v4:/opt/jumpserver/config/nginx/cert# ll
total 24
drwx------ 2 root root 4096 Oct 10 06:35 ./
drwx------ 3 root root 4096 Jul  4 02:04 ../
-rw------- 1 root root 1346 Oct 10 06:35 jumpserver.crt
-rw------- 1 root root 1675 Oct 10 06:35 jumpserver.key

Edit the main configuration file of JumpServer to modify the certificate-related information.

root@jumpserver-v4:~# vi /opt/jumpserver/config/config.txt
 
# HTTPS_PORT=443
# SERVER_NAME=www.jumpserver.com
# SSL_CERTIFICATE=jumpserver.crt
# SSL_CERTIFICATE_KEY=jumpserver.key
 
# DOMAINS="www.jumpserver.com"

Detailed Parameter Description:

Parameter             Description
DOMAINS               Define trusted domains or access IP addresses
HTTPS_PORT            Define the HTTPS port
SERVER_NAME           Define the JumpServer access domain
SSL_CERTIFICATE       SSL certificate name
SSL_CERTIFICATE_KEY   SSL certificate key name
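
Before restarting, the settings above can be checked from the shell. The script below is an added example, not part of the original page or of JumpServer's own tooling; the function names cfg_get and check_jms_tls are hypothetical, and it assumes that a leading # disables a line in config.txt and that GNU stat is available.

```bash
#!/usr/bin/env bash
# Added example: pre-restart check of the TLS settings in config.txt.
# Assumption: config.txt holds KEY=VALUE lines and a leading '#' disables a line.

# Print the value of an active (uncommented) KEY= line; prints nothing if absent.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d '"'
}

# Usage: check_jms_tls CONFIG_FILE CERT_DIR
# Returns 0 when every check passes. The body runs in a subshell, so its
# variables do not leak into the caller.
check_jms_tls() (
    cfg=$1; dir=$2; rc=0
    for name in HTTPS_PORT SERVER_NAME SSL_CERTIFICATE SSL_CERTIFICATE_KEY; do
        if [ -z "$(cfg_get "$cfg" "$name")" ]; then
            echo "FAIL: $name is missing or still commented out"; rc=1
        fi
    done
    crt=$(cfg_get "$cfg" SSL_CERTIFICATE)
    key=$(cfg_get "$cfg" SSL_CERTIFICATE_KEY)
    for f in "$crt" "$key"; do
        if [ -n "$f" ] && [ ! -s "$dir/$f" ]; then
            echo "FAIL: $dir/$f does not exist or is empty"; rc=1
        fi
    done
    # The private key should be accessible to its owner only (-rw------- or stricter).
    if [ -n "$key" ] && [ -f "$dir/$key" ]; then
        mode=$(stat -c '%a' "$dir/$key")   # GNU stat, as found on Linux hosts
        case $mode in
            600|400) ;;
            *) echo "FAIL: $dir/$key has mode $mode, expected 600"; rc=1 ;;
        esac
    fi
    # When openssl is installed, confirm certificate and key are a matching pair.
    if [ "$rc" -eq 0 ] && command -v openssl >/dev/null 2>&1; then
        cert_pub=$(openssl x509 -in "$dir/$crt" -noout -pubkey 2>/dev/null) || cert_pub=""
        key_pub=$(openssl pkey -in "$dir/$key" -pubout 2>/dev/null) || key_pub=""
        if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            echo "FAIL: certificate and private key do not match"; rc=1
        fi
    fi
    exit "$rc"
)
```

Run it as check_jms_tls /opt/jumpserver/config/config.txt /opt/jumpserver/config/nginx/cert before jmsctl restart; a non-zero exit status means at least one FAIL line was printed.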

Restart JumpServer

You need to restart the JumpServer service for the configuration to take effect.

jmsctl restart

After the restart, you can run docker ps to check the health status of the components.

Function Verification

We can verify availability by using curl with the domain on the server, or directly test domain access in a browser.

root@jumpserver-v4:~# curl -I https://www.jumpserver.com
HTTP/1.1 200 OK
Date: Fri, 11 Oct 2024 07:51:06 GMT
Content-Type: text/html
Content-Length: 17104
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 19 Sep 2024 12:19:09 GMT
ETag: "66ec16bd-42d0"
Accept-Ranges: bytes