Location of SSL certificates tutor 11.2.3

Hi all, I’m configuring Tutor to run behind an Azure Application Gateway. Given that I didn’t create the application gateway, I am hoping that it uses V2 of that product, which allows end-to-end encryption and should just be able to pass requests through to Caddy without having to configure a cert in the gateway.

I know that a way to do it is to disable Caddy and run nginx on port 81 and set up the forwarding rules like that, but that still requires a certificate at the gateway.

After that long-winded explanation, does anyone know the best way to get at the certs that Caddy produces and where they might be located?

My best location so far is /home/localuser/.local/share/tutor/data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/

Or do I need to run manage.py in the Caddy container and find them there?

Thanks in advance, and I hope this provides enough information for people to give help.

Hi @dbates,
I’m not sure I understand your question. Where do you want SSL termination to occur? In Tutor, by default, it occurs in Caddy. If you would like a different component to handle this, you need to disable caddy with RUN_CADDY=false.

Hi Regis

There are multiple ways the termination can occur with Azure Application Gateway. The way it appears to be configured is to use a secondary certificate in the gateway itself. So the company that set this up suggested I get the cert from Caddy and copy that into the application gateway. This is for end-to-end SSL. As you said, if terminating at the gateway then it would have to be a cert on the gateway with Caddy turned off and Nginx picking up throughput on a different port and using non-SSL traffic and dealing with it there.

However, it looks like the company that set this up is using a V2 version of the Azure gateway, and in that I can do end-to-end SSL using the Let's Encrypt X3 root cert as the certificate. So hopefully I will not need to do something like have the cert copied into the gateway and maintain that when I don’t actually have access to the gateway. It was that process I was enquiring about: how to find the cert and copy it to place in the gateway.

Hi Regis, thanks for the comments. After working with the third-party company, they acknowledged that what they set up was, well, not the best way to do it. They and our corporate architects have accepted that the best platform implementation is Tutor as it's designed, so it's no longer an issue.
