Prev | Next |
Self-Signed SSL Certificates
Configuring the Pro Cloud Server to use HTTPS requires a signed SSL certificate. In general, it is preferable to use a certificate that has been signed by a globally trusted root Certificate Authority (CA) however in some cases (e.g. when testing) you might consider creating and using your own self-signed certificate.
Creating a Self-Signed certificate
There are many ways to create SSL certificates; however, we have found the OpenSSL toolkit to be the easiest and most comprehensive. As the name suggests, OpenSSL is an open source toolkit for SSL/TLS; see the official website for details.
You will need to download and install the OpenSSL product that suits your environment. For the purposes of this document, OpenSSL was installed into C:\OpenSSL-Win64. If your OpenSSL is installed into a different directory then these steps will have to be adjusted to suit.
- Create a new command/batch file in C:\OpenSSL-Win64\bin\
- Open this file and paste these details into it
set SRVNAME=localhost
openssl genrsa -out %SRVNAME%.key 2048
openssl req -new -x509 -key %SRVNAME%.key -out %SRVNAME%.cert -days 3650 -subj /CN=%SRVNAME%
copy /b %SRVNAME%.cert+%SRVNAME%.key server.pem
For details on configuring the Pro Cloud Server to use this certificate, refer to the Using HTTPS (SSL) topic.
Using Self-Signed certificates
When configuring and using the Pro Cloud Server with a self-signed certificate, these points should be taken into consideration.
Feature |
Description |
See also |
---|---|---|
Enterprise Architect |
When accessing a model in Enterprise Architect via cloud connection you will receive a security warning regarding the self-signed certificate. |
|
Integration Plug-Ins |
When configuration integration plugins if your are adding a data provider which accesses an Enterprise Architect model then the 'Ignore SSL Error' option will needs to be enabled. |
Add/Edit Data Provider |
WebEA |
If WebEA is configured to access a model via HTTPS (with a self signed certificate) then the WebEA configuration needs the 'Validate SSL Certificates' set to 'No (I.e. the webea_conifg.ini should include sscs_enforce_certs="false") |
How to configure WebEA models |
WebConfig |
If the WebConfig is configured to use HTTPS (with a self-signed certificate), then the settings.php file must include $sEnforceCerts = 'false'; |