After installation, the application server generates a so-called self-signed certificate — see self-signed certificate. The browser will display a warning for this certificate. It is possible to replace it with your own certificate.
The certificate must meet the following requirements:
It must be in PEM format
The file must contain both the public part (certificate) and the private part (key).
The key must be in PKCS#1 or PKCS#8 format and may be in either plain or encrypted form. This means the PEM file must contain a section introduced by one of the following headers:
BEGIN RSA PRIVATE KEY,BEGIN PRIVATE KEY,BEGIN ENCRYPTED PRIVATE KEY.
The file must contain the full certificate chain. This includes the root certificate authority certificate.
After uploading, the application server must be restarted.
The upload is performed at the address https://server:5434/certificate.json?password=abc. The certificate must either have no password (in which case the password parameter can be omitted) or the password must be specified in the parameter.
The certificate is then stored in the database without a password.
Note: the certificate cannot be changed in the cloud (even if the command succeeds). We plan to introduce SNI support in the future, but its support is still problematic.
Example CURL command:
curl -X PUT -u jmeno:heslo -k -L -T domena.eu.pem https://localhost:5434/certificate.json
In the command, enter the username and password of an ABRA Flexi user who must have ADMIN rights, including the server right — Manage licenses (the ADMIN user role alone is not sufficient). For more information about user rights, see the article How to work with users.
Note: The SSL certificate can only be changed when the API service is active.