HTTPS

How to use HTTPS to secure against various threats

CDM-Server takes the secure-by-design approach and thus enforces HTTPS.

HTTPS to Access CDM-Server

If you set the USE_CUSTOM_CERT environment variable to true:

  • You can provide your own certificate. The server will use these files to serve HTTPS.
  • This can be self-signed or CA-signed (recommended).
  • There is a dummy file ./cdm-server.pfx where you have downloaded the CDM-Server. Just replace it with your own certificate.

Renew Certificate

Once you have the renewed certificate file

  • Stop the server
  • Replace the file
  • Restart the server

This will apply the new certificate.

Self-Signed Certificate

If the variable is set to false, the server will generate and use a self-signed certificate. You can find it in

  • ./.data/certs/<CDM_HOST>.cert.p7b - X.509 certificate (contains the public key) that you can import to your browser.
  • ./.data/certs/<CDM_HOST>.pfx - Certificate in PKCS#12 format. It contains private Key that you should not share.

Install Self-Signed Certificate on User’s Machine

Please see Install Self-Signed Certificate for more information.

LDAP over SSL

For this, look into LDAP documentation.

Last modified December 16, 2024: ca9ced4