On-Prem: Install SSL certificate

Note:
This article only concerns On-Premises customers.
For Cloud customers, a corresponding certificate is provided from our side.

Why is it important to use SSL certificates?

SSL stands for "Secure Sockets Layer" and encrypts the data sent between your computer and a server.
Only in this way can your users move safely in Haiilo and exchange data securely.

Once this secure connection has been established, all web traffic between the server and the browser is secure.
This includes, among other things:
  • authentication
  • the confidential end-to-end encryption of the data
  • securing the integrity of the data

What kind of certificate do I need?

External: 

For the external use of Haiilo (via the "public" Internet), any SSL certificate that’s valid and signed by an official certification body can be used.

Internal:

For the internal use of Haiilo, even a self-signed certificate will suffice.

You'll need a certificate in PEM format. This is mandatory to run Haiilo because all HTTP traffic gets routed to HTTPS.

For test environments, you can create a self-signed SSL certificate using OpenSSL.
Merge the private key and the certificate into one file, then move your new self-signed SSL certificate or your existing SSL certificate to the location defined in your .env file.

The following is an example for a self-signed certificate:

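# Create an unencrypted 2048-bit RSA key (key.pem) and a self-signed certificate (ca.pem) valid for 1080 days
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out ca.pem -days 1080 -nodes -subj '/CN=*/O=COYO GmbH./C=DE'
# Build cert.pem: private key first, then the certificate
mv key.pem cert.pem
cat ca.pem >> cert.pem
rm ca.pem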

The certificate should be provided in the .pem format and have the following structure:

-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: e.g. DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
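
The layout above can be checked before the file is moved into place. The following Python linter is an added example, not part of the original article or of Haiilo's tooling; the function names and the sample blocks are constructed for illustration, and accepting the PKCS#8 "PRIVATE KEY" label alongside the "RSA PRIVATE KEY" label shown above is an assumption.

```python
import base64
import re

# Labels accepted for the first block. The article shows "RSA PRIVATE KEY";
# accepting the PKCS#8 "PRIVATE KEY" label too is an assumption of this example.
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}
BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def lint_bundle(text):
    """Return a list of layout problems in a combined cert.pem (empty = OK)."""
    blocks = BLOCK.findall(text)
    if not blocks:
        return ["no complete PEM block found"]
    problems = []
    labels = [label for label, _ in blocks]
    if labels[0] not in KEY_LABELS:
        problems.append(f"first block is '{labels[0]}', expected the private key")
    if sum(label in KEY_LABELS for label in labels) > 1:
        problems.append("more than one private key in the bundle")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate follows the private key")
    for label in labels:
        if label not in KEY_LABELS and label != "CERTIFICATE":
            problems.append(f"unexpected block type '{label}'")
    for label, body in blocks:
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"'{label}' body is not valid base64")
    # Anything left after removing the blocks is stray text (e.g. a half-copied marker).
    if BLOCK.sub("", text).strip():
        problems.append("text outside PEM blocks")
    return problems

def pem_block(label, payload):
    # Constructed sample data: base64 of arbitrary bytes, not a real key or cert.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

GOOD = (pem_block("RSA PRIVATE KEY", b"key") + pem_block("CERTIFICATE", b"leaf")
        + pem_block("CERTIFICATE", b"intermediate") + pem_block("CERTIFICATE", b"root"))
CERT_FIRST = pem_block("CERTIFICATE", b"leaf") + pem_block("RSA PRIVATE KEY", b"key")

if __name__ == "__main__":
    print(lint_bundle(GOOD))
    print(lint_bundle(CERT_FIRST))
```

It checks the block layout only; it does not verify that the key belongs to the certificate or that the certificates chain to each other.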

Troubleshooting

If you’re still unable to establish an encrypted connection to Haiilo, you can use the following command to view the log of the load balancer, where you’ll find indications of why your certificate isn’t accepted:

docker logs -f $(docker ps | grep coyo-lb | cut -d" " -f1) 
