Note:
This article only concerns On-Premises customers.
For Cloud customers, a corresponding certificate is provided from our side.
Why is it important to use SSL certificates?
Only in this way can your users move safely in Haiilo and exchange data securely.
This includes, among other things:
- authentication
- the confidential end-to-end encryption of the data
- securing the integrity of the data
What kind of certificate do I need?
External:
For the external use of Haiilo (via the "public" Internet), any SSL certificate that’s valid and signed by an official certification body can be used.
Internal:
For the internal use of Haiilo, even a self-signed certificate will suffice.
You'll need a certificate in PEM format. This is mandatory to run Haiilo because all HTTP traffic gets routed to HTTPS.
For test environments, you can create a self-signed SSL certificate using OpenSSL.
Merge your new self-signed SSL certificate or your existing SSL certificate with its private key into a single file and move it to the location defined in your .env file.
The following is an example for a self-signed certificate:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out ca.pem -days 1080 -nodes -subj '/CN=\*/O=COYO GmbH./C=DE'
mv key.pem cert.pem
cat ca.pem >> cert.pem
rm ca.pem
The certificate should be provided in the .pem format and have the following structure:
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: e.g. DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
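To check a merged file against the structure above before deploying it, a script along the following lines can be used. It is an added example, not part of Haiilo's tooling: the function names pem_layout, check_layout and key_matches_cert are hypothetical, and the comparison of the private key with the first certificate goes beyond what this article describes and assumes openssl is installed.

```shell
#!/bin/sh
# Added example: lint a combined PEM file (key first, then certificates).

# Print the block types in file order, e.g. "KEY CERT CERT".
# Returns 1 on an unmatched or nested BEGIN/END marker.
pem_layout() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (inblk) { bad = 1; exit }
            inblk = 1; t = "OTHER"
            if ($0 ~ /PRIVATE KEY-----$/)       t = "KEY"
            if ($0 ~ /BEGIN CERTIFICATE-----$/) t = "CERT"
            printf "%s%s", sep, t; sep = " "
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (!inblk) { bad = 1; exit }
            inblk = 0
        }
        END { print ""; exit (bad || inblk) }
    ' "$1"
}

# Enforce the order shown above: exactly one private key, then certificates only.
check_layout() {
    layout=$(pem_layout "$1") || { echo "unbalanced BEGIN/END markers"; return 1; }
    case "$layout" in
        "KEY CERT"*) ;;
        *) echo "expected key then certificate(s), got: ${layout:-nothing}"; return 1 ;;
    esac
    case "${layout#KEY }" in
        *KEY*|*OTHER*) echo "unexpected block after the key: $layout"; return 1 ;;
    esac
    echo "layout ok: $layout"
}

# Compare the public key derived from the private key with the one in the
# first certificate. Returns 2 if openssl cannot read either of them.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

if [ "$#" -gt 0 ]; then
    check_layout "$1" || exit 1
    key_matches_cert "$1" || { echo "key does not match first certificate"; exit 1; }
    echo "private key matches the first certificate"
fi
```

Run it with the path of the merged file as the only argument, for example `sh check_pem.sh cert.pem` (the script file name is an assumption).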
Troubleshooting
If you’re still unable to establish an encrypted connection to Haiilo, you can use the following command to follow the log of the load balancer, where you’ll find indications of why your certificate isn’t accepted:
docker logs -f $(docker ps | grep coyo-lb | cut -d" " -f1)