Setting up a secure hub
Protect your hub with TLS so clients can connect over adcs://.
uhub requires a modern TLS library — OpenSSL 3.0+ or LibreSSL 3.4+ — and supports TLS 1.2 (default) and TLS 1.3.
Configuring uhub
Once you have a certificate and private key, set these directives in uhub.conf:
tls_private_key = "/path/to/domainname.key"
tls_certificate = "/path/to/domainname.crt"
tls_enable = yes
tls_require = yes
Clients can now connect using the adcs:// URI scheme.
Creating a self-signed certificate
Generate a 2048-bit RSA private key:
openssl genrsa -out domainname.key 2048
Then create a certificate valid for 365 days:
openssl req -new -x509 -nodes -sha256 -days 365 \
-key domainname.key > domainname.crt
You will be prompted for the certificate data described below.
Using a certificate authority
Generate a private key:
openssl genrsa -out domainname.key 2048
Create a certificate signing request (CSR):
openssl req -new -key domainname.key -out domainname.csr
Send domainname.csr to your CA for signing. When you receive the signed
certificate back, save it as domainname.crt.
Certificate data
When creating a certificate you are asked a series of questions:
- Country — two-letter code, e.g. DE.
- State or Province — e.g. Bavaria.
- Locality — e.g. Munich.
- Organization — your organization or your own name.
- Organizational Unit — your department (can be left blank).
- Common Name — the hostname of your server, e.g. secure.example.org.
- E-mail address.
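
A pre-flight check for the setup above, added here as an example and not part of uhub or its documentation: it reads the TLS directives from uhub.conf, confirms that the key and certificate carry the same public key, that the certificate is not about to expire, and that the key file is not accessible to group or others. The function names, return codes and the 30-day default are assumptions of this example, and it expects an unencrypted PEM key.

```shell
#!/bin/sh
# Added example, not part of uhub: pre-flight check of the TLS files in uhub.conf.
# Assumes an unencrypted PEM private key and the openssl CLI on PATH.

# Print the value of a `name = value` directive, optional double quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# check_tls_pair KEY CERT [MIN_DAYS]
# Returns 0 if usable, 1 on key/certificate mismatch, 2 if a file cannot be parsed,
# 3 if the certificate expires within MIN_DAYS, 4 if the key is open to group/others.
check_tls_pair() {
    key=$1 crt=$2 min_days=${3:-30}
    # Extract the public key from each file; a failed parse must not look like a match.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ] || return 1
    # -checkend exits non-zero when the certificate expires within the given seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null || return 3
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    [ "$(ls -ln "$key" | cut -c5-10)" = "------" ] || return 4
    return 0
}

# check_uhub_tls CONF [MIN_DAYS]
# Returns 5 if tls_enable or tls_require is not "yes" (the values this page sets),
# otherwise the result of check_tls_pair on the files the config points at.
check_uhub_tls() {
    conf=$1
    for d in tls_enable tls_require; do
        [ "$(conf_value "$d" "$conf")" = "yes" ] || { echo "$d is not yes" >&2; return 5; }
    done
    check_tls_pair "$(conf_value tls_private_key "$conf")" \
                   "$(conf_value tls_certificate "$conf")" "${2:-30}"
}

# When run as a script: sh this-file /path/to/uhub.conf [MIN_DAYS]
if [ "$#" -gt 0 ]; then
    check_uhub_tls "$@"
fi
```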