Prev Next

Self-Signed SSL Certificates

Configuring the Pro Cloud Server to use HTTPS requires a signed SSL certificate. In general, it is preferable to use a certificate that has been signed by a globally trusted root Certificate Authority (CA) however in some cases (e.g. when testing) you may consider creating and using your own self-signed certificate.

Creating a Self-Signed certificate

There are many ways to create SSL certificates; however, we have found the OpenSSL toolkit to be the easiest and most comprehensive. As the name suggests, OpenSSL is an open source toolkit for SSL/TLS; see the official website for details.

You will need to download and install the OpenSSL product that suits your environment. For the purposes of this document, OpenSSL was installed into C:\OpenSSL-Win64. If your OpenSSL is installed into a different directory then these steps will have to be adjusted to suit.

  • Create a new command/batch file in C:\OpenSSL-Win64\bin\
  • Open this file and paste these details into it

      set SRVNAME=localhost

      openssl genrsa -out %SRVNAME%.key 2048

      openssl req -new -x509 -key %SRVNAME%.key -out %SRVNAME%.cert -days 3650 -subj /CN=%SRVNAME%

      copy /b %SRVNAME%.cert+%SRVNAME%.key server.pem

For details on configuring the Pro Cloud Server to use this certificate, refer to the Using HTTPS (SSL) topic.

Using Self-Signed certificates

When configuring and using the Pro Cloud Server with a self-signed certificate the following points should be taken into consideration.

Feature

Description

See also

Enterprise Architect

When accessing a model in Enterprise Architect via cloud connection you will receive a security warning regarding the self-signed certificate.

Integration Plug-Ins

When configuration integration plugins if your are adding a data provider which accesses an Enterprise Architect model then the 'Ignore SSL Error' option will needs to be enabled.

Add/Edit Data Provider

WebEA

If WebEA is configured to access a model via HTTPS (with a self signed certificate) then the WebEA configuration needs the 'Validate SSL Certificates' set to 'No (I.e. the webea_conifg.ini should include sscs_enforce_certs="false")

How to configure WebEA models

WebConfig

If the WebConfig is configured to use HTTPS (with a self-signed certificate), then the settings.php file must include $sEnforceCerts = 'false';

Learn More