Appboard/2.4/admin/ssl configuration: Difference between revisions
imported>Jason.nicholls No edit summary |
imported>Jason.nicholls |
||
Line 24: | Line 24: | ||
# create a Certificate Signing Request (CSR) | # create a Certificate Signing Request (CSR) | ||
# have the CA sign the request | # have the CA sign the request | ||
# download and install the signed certificate on the AppBoard server. Depending on the CA there should be instructions and options for the format of the signed certificate. | # download and install the signed certificate on the AppBoard server. Depending on the CA there should be instructions and options for the format of the signed certificate. It's then necessary to create a keystore file, replace the one shipped with AppBoard, and update the keystore pass and type options. | ||
Another option is to generate a self-signed certificate to replace the self-signed certificate Edge ships with AppBoard. However, to end-users they will still be presented with certificate errors and warnings. | Another option is to generate a self-signed certificate to replace the self-signed certificate Edge ships with AppBoard. However, to end-users they will still be presented with certificate errors and warnings. |
Revision as of 04:16, 1 October 2013
For security reasons it's recommended to run AppBoard over SSL (Secure Socket Layer). This will ensure all communications between clients (browsers) and the AppBoard server are encrypted.
By default AppBoard is configured with SSL disabled, but it does ship with a self-signed server certificate and can easily be enabled. In production environments this certificate should be replaced with one issued by a known Certificate Authority (CA) or one signed by a trusted root certificate within the organization.
Configuring AppBoard for SSL
To enable HTTPS (HTTP over SSL) mode use the HTTP_SSL runtime option and set it to true. In addition you may want to also change:
- HTTP_PORT: HTTPS is typically served on port 443
- KEYSTORE_FILE: if using your own certificate
- KEYSTORE_PASS: if using your own certificate
- KEYSTORE_TYPE: if using your own certificate
See the Runtime Options page for more information on these settings and how to configure them.
Creating A Certificate
The basic process is:
- pick a Certificate Authority, this may be in-house if the organization has a Standard Operating Environment with their own root certificate installed on all systems. Otherwise this would be a commercial CA such as VeriSign, Thawte, or Go Daddy.
- create a Certificate Signing Request (CSR)
- have the CA sign the request
- download and install the signed certificate on the AppBoard server. Depending on the CA there should be instructions and options for the format of the signed certificate. It's then necessary to create a keystore file, replace the one shipped with AppBoard, and update the keystore pass and type options.
Another option is to generate a self-signed certificate to replace the self-signed certificate Edge ships with AppBoard. However, to end-users they will still be presented with certificate errors and warnings.