Set Up Certificates

You can set up SSL certificates.

Warning: Do not use self-signed certificates. Firefox (since version 55) and Chrome-based browsers (since version 80) block them.


Before you begin: Make sure that all services communicate with each other and with the client only through HTTPS.
  1. Generate certificate requests with the openssl command:

    openssl req -new -newkey rsa:2048 -nodes -days 365 -subj \
              "/C=country/ST=state/L=city/O=organization/OU=department/CN=fully.qualified.server.name" \
              -out my_certificate.csr -keyout my_certificate.key

    Important:

    The certificate CN attribute must be equal to:

    • The ServerName, as set in the Reverse Proxy.
    • The FQDN of the service (including case).

    The certificate must not contain protocol (https://) or port information (443).

    Answer the questions (with the constraints on Common Name above). If you use an optional pass phrase (not recommended), you will need to provide it to the reverse proxy.

    This command generates .key and .csr files.

  2. Keep the .key files and send the .csr files to the authority in charge of signing your certificates.

    Specify that the certificates are intended for Apache Httpd (if you use it). The certificate authority will send the .cer (or .crt) signed files back to you.

    When installing the different platform services, only use the .cer (or .crt). On the reverse proxy, only use the .cer (or .crt) and .key.

  3. Make sure that you have configured your SSL certificate on the reverse proxy as follows on Linux:

    SSLCertificateFile /path/to/your.cer
    SSLCertificateKeyFile /path/to/your.key

    and on Windows:

    SSLCertificateFile \path\to\your.cer
    SSLCertificateKeyFile \path\to\your.key
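
The following script is an added example, not part of the original procedure. It checks a CSR against the CN rules from step 1 before you send it, and checks that the .csr (and later the signed .cer) was built from the .key you configure on the reverse proxy. The function names and the script name check_cert.sh are hypothetical, and the files are assumed to be PEM-encoded with an unencrypted key.

```sh
#!/bin/sh
# Added example (not from the original page). File names and the FQDN passed
# on the command line are placeholders chosen by the caller.

# Print the Common Name stored in a CSR.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_cn <csr> <fqdn>: the CN must equal the FQDN exactly (case included)
# and must not carry a protocol prefix or a port.
check_cn() {
    cn=$(csr_cn "$1")
    case "$cn" in
        *://*) echo "CN contains a protocol: $cn" >&2; return 1 ;;
        *:*)   echo "CN contains a port: $cn" >&2; return 1 ;;
    esac
    [ "$cn" = "$2" ] || { echo "CN '$cn' does not equal '$2'" >&2; return 1; }
}

# pubkey_of key|csr|cert <file>: print the public key in PEM form.
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# key_matches <key> csr|cert <file>: true when the file was built from <key>.
key_matches() {
    want=$(pubkey_of key "$1")
    [ -n "$want" ] && [ "$want" = "$(pubkey_of "$2" "$3")" ]
}

# Usage: sh check_cert.sh <key> <csr> <fqdn> [signed.cer]
if [ "$#" -ge 3 ]; then
    check_cn "$2" "$3" && key_matches "$1" csr "$2" || exit 1
    [ -z "$4" ] || key_matches "$1" cert "$4" || exit 1
    echo "OK"
fi
```

A mismatch between the .cer and the .key is a common reason for the reverse proxy refusing to start after the signed certificate is installed, so run the check with the fourth argument once the authority returns the file.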