5. Add SSL Support

(Optional, but recommended)

The SSL protocol provides for a secure channel of communication between the user’s browser and the Open OnDemand portal.

Requirements:

  • a server name that points to the Open OnDemand server (ondemand.my_center.edu)
  • signed SSL certificates with possible intermediate certificates

Note

You may use Let’s Encrypt to obtain a free SSL certificate. You can read more about it in their Getting Started documentation.

In this example we assume the following certificates are provided:

Public certificate
/etc/pki/tls/certs/ondemand.my_center.edu.crt
Private key
/etc/pki/tls/private/ondemand.my_center.edu.key
Intermediate certificate
/etc/pki/tls/certs/ondemand.my_center.edu-interm.crt
  1. Edit the Open OnDemand Portal ood_portal.yml file /etc/ood/config/ood_portal.yml as such:

    # /etc/ood/config/ood_portal.yml
    ---
    
    # ...
    
    servername: ondemand.my_center.edu
    ssl:
      - 'SSLCertificateFile "/etc/pki/tls/certs/ondemand.my_center.edu.crt"'
      - 'SSLCertificateKeyFile "/etc/pki/tls/private/ondemand.my_center.edu.key"'
      - 'SSLCertificateChainFile "/etc/pki/tls/certs/ondemand.my_center.edu-interm.crt"'
    

    Note

    For documentation on SSL directives please see: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html

  2. Build/install the updated Apache configuration file:

    sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
    
  3. Restart the Apache server to have the changes take effect:

    CentOS/RHEL 7:
    sudo systemctl try-restart httpd24-httpd.service httpd24-htcacheclean.service
    

Now when you browse to your OnDemand portal at:

http://ondemand.my_center.edu

it should redirect you to the HTTP over SSL protocol deployment:

https://ondemand.my_center.edu

where depending on your browser, should display a green lock of some kind to indicate that the site is secure.