Installing TLS Certificates
Transport Layer Security (TLS) ensures that data is securely passed between the clients connecting to ConnectReport web services and the ConnectReport server. By default, ConnectReport Server uses self-signed TLS certificates that are generated when the application starts. You can configure ConnectReport Server to use Transport Layer Security (TLS) certificates acquired from a trusted authority or issued by your company.
TLS Certificate requirements
- The server certificate must be a PEM encoded certificate chain. The cert chain should consist of the PEM formatted certificate for a provided private
key
, followed by the PEM formatted intermediate certificates (if any), in order, and not including the root CA. - In addition to the certificate file, you will also need a corresponding, PEM encoded private key file. The private key must not be password encrypted.
- If you are using a server certificate from a local public key infrastructure, or you are using certificates not issued by a well-known CA, you need to provide a certificate authority file to identify the trusted CA. By default, ConnectReport trusts the well-known CAs curated by Mozilla. The CA file should be PEM encoded and can contain multiple PEM CAs concatenated together.
Installing TLS Certificates
Navigate to the Management Console and click Configure in the sidebar.
Under Server Certificate in the TLS section, click Choose file and navigate to your server certificate. Click Upload.
Under Private key in the TLS section, click Choose file and navigate to your private key file. Click Upload.
If you intend to override the default trusted-CAs, under Certificate authority in the TLS section, click Choose file and navigate to your CA file. Click Upload.
Check the Enable custom TLS configuration box.
Click Save configuration.
Once you have uploaded each of the certificates and saved your configuration, on the host server, navigate to services.msc and restart the services in the following order:
- ConnectReport Management Console
- ConnectReport Authentication
- ConnectReport Core
- ConnectReport Proxy