Install a certificate

Source:

Published:

Keywords: Genymotion PaaS, TLS/SSL, Let's encrypt, HTTP API, curl

Document ID: https://docs.genymotion.com/usage/paas/certificate#split1

Due to a bug with acme services, domain names with subdomains are not supported with Genymotion PaaS/Device image 10.0.0.

Make sure to use Genymotion PaaS/Device image 11.0.0 or higher if you need to use TLS/SSL certificates.

To remove the security warning when accessing an instance user interface, you must install a trusted certificate.

If you already have a SSL certificate, you can refer to the GitHub repository https://github.com/Genymobile/genymotion-cloud-ssl-tool to install it.

Otherwise, follow the steps below.

Generate a certificate

> Warning: You must have a valid and available domain name to generate a valid certificate.

If you do not have any certificates, a service generates a certificate from Let's encrypt servers and installs it directly in the instance.

Prerequisite

The Let's encrypt service must be able to communicate with the instance during the certificate generation process.

To do so:

Installation steps

The document lists these installation methods:

Web UI

1. Add an allow HTTP (TCP port 80) to all (0.0.0.0/0) inbound rule to your security group/firewall. 2. From the instance user interface, go to Configuration. 3. In the SSL Certificate section, input your domain name and click GENERATE CERTIFICATE. 4. Once finished, remove the HTTP allow HTTP to all inbound rule from your security group/firewall.

HTTP API

It is now possible to use our to generate and install a SSL certificate.

The endpoint is api/v1/configuration/certificate.

The method is POST.

> Note: - <instance_public_ip> can either be the instance public IP or its public domain name. > > - <username>:<password> are the username/password used to connect to the instance. > > - --insecure parameter is mandatory if the current certificate is the self-signed one (can also be used when the current certificate is valid). > > - You need to allow HTTP (TCP port 80) to all (0.0.0.0/0) during the process. You can remove it when finished.

For example, with the curl command from the host computer:

Example

1. Allow inbound HTTP (TCP port 80) to all (0.0.0.0/0) from your security group or firewall rules. 2. Connect the instance to or . 3. Generate and install the certificate: adb ssh 4. Once done, you can remove the inbount HTTP allow to all rule.

Command Line

Remove the certificate

Remove the certificate