Good day from Singapore,

On Thursday, 7 Mar 2024, I was installing a NEW self-signed SSL certificate for the Suprema BioStar 2 door access system at a law firm in Singapore, because the common name (CN) in the existing SSL certificate was pointing to the WRONG private IPv4 address.

I referred to the following Suprema technical support guide to install the new self-signed SSL certificate for the door access system.

Article: [BioStar 2] How to Apply a Private Certificate for HTTPS

The server certificate/public key (biostar_cert.crt), private key (biostar_cert.key), PKCS12 file (biostar_cert.p12) and Java Keystore (keystore.jks) are all located inside the folder C:\Program Files\BioStar 2(x64)\nginx\conf

Looking at the above directory pathname, it is apparent that the South Korean Suprema BioStar 2 door access system is using the open source nginx web server.

But why are the ssl_certificate and ssl_certificate_key directives NOT configured in the HTTPS section of the nginx configuration file? The entire HTTPS section is also commented out.

I am baffled.

Why is there a Java Keystore (keystore.jks)? Is nginx web server being used in conjunction with some type of open source Java web server?

Looking forward to your reply.

Thank you.

I shall reproduce the nginx web server configuration file for the Suprema BioStar 2 door access system below for your reference.

nginx.conf is inside C:\Program Files\BioStar 2(x64)\nginx\conf


# NOTE(review): this listing looks incomplete as posted -- closing braces are
# absent and the proxy_pass / fastcgi_pass directives carry no upstream address
# -- so it would not load as shown. Compare it with the file on disk before
# concluding that any directive (including access controls) is really missing.
#user  nobody;
# A single worker process handles all connections.
worker_processes  1;

# No error_log directive is active; all three variants below are disabled.
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/;

events {
    # Upper bound on simultaneous connections per worker.
    worker_connections  1024;

http {
    include       mime.types;
    # Responses with no matching MIME type are sent as a generic binary download.
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # No access_log directive is active in this file.
    # NOTE(review): confirm that requests to the write-capable /webdav location
    # below are actually being logged and retained somewhere.
    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # The only active virtual host: plain HTTP on port 80. No ssl_* directive
    # and no "listen ... ssl" appears anywhere in the active configuration.
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        # Static files served from the html directory.
        location / {
            root   html;
            index  index.html index.htm;

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;

        # proxy the PHP scripts to Apache listening on
        #location ~ \.php$ {
        #    proxy_pass;

        # pass the PHP scripts to FastCGI server listening on
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;

		# Swagger document location
		location /biostar {
			root html;
		# Report document location
		location /report {
			root html;
        # FASTCGI location
        # Sets a 300-second read timeout and loads the FastCGI parameters; no
        # fastcgi_pass target is visible in this listing, so the backend that
        # receives /api requests cannot be identified from here.
        location /api {
			fastcgi_read_timeout 300;
			include fastcgi_params;
		# WEBSOCKET location
		# Forwards the HTTP/1.1 Upgrade handshake headers; no proxy_pass target
		# is visible in this listing.
		location /wsapi {
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
		# NOTE(review): write-capable WebDAV (PUT/DELETE/MKCOL/COPY/MOVE) on the
		# plain-HTTP listener. No auth_basic, allow/deny or limit_except is
		# visible in this location as posted -- verify on the real file. If none
		# exists, any host that can reach port 80 can create, replace and delete
		# files under html/download; restrict by source address and require
		# authentication over TLS.
		location /webdav {
            # Directory listing is enabled for the download directory.
            autoindex                  on;
            alias                      html/download;
            # Request-body temp files are written into the same directory that
            # alias serves. With client_body_in_file_only on, nginx keeps those
            # temp files after the request completes, so leftovers may show up
            # in the listing -- TODO confirm on the host.
            client_body_temp_path      html/download;
            dav_methods                PUT DELETE MKCOL COPY MOVE;
            # Missing intermediate directories are created on PUT.
            create_full_put_path       on;
            client_body_in_file_only   on;
            client_body_buffer_size    128K;
            # Request bodies of up to 1000 MB are accepted in this location.
            client_max_body_size       1000M;
            # Permissions applied to files and directories created through DAV.
            dav_access                 user:rw group:rw all:r;

        # Directory listing is enabled here as well; anything placed under
        # html/resources is enumerable by clients that can reach this server.
        location /resources {
            root         html;
            autoindex    on;
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #location ~ /\.ht {
        #    deny  all;

    # another virtual host using mix of IP-, name-, and port-based configuration
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }

    # HTTPS server
    # NOTE(review): everything in this section is commented out and looks like
    # nginx's stock sample (cert.pem / cert.key), so as posted this file defines
    # no TLS listener and references no certificate; nginx serves plain HTTP on
    # port 80 only. nginx reads PEM files through ssl_certificate and
    # ssl_certificate_key and does not read Java keystores, so biostar_cert.*
    # and keystore.jks are presumably consumed by another component -- confirm
    # which process owns the HTTPS port before assuming a replaced certificate
    # is in effect.
    # If this block is ever enabled: SSLv2, SSLv3 and TLSv1 are obsolete; use
    # "ssl_protocols TLSv1.2 TLSv1.3;" and "listen 443 ssl;" instead of "ssl on;".
    #server {
    #    listen       443;
    #    server_name  localhost;

    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers   on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }




Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
GIMP also stands for Government-Induced Medical Problems.

