HTTPS

How to use HTTPS to secure against various threats

CDM-Server takes the secure-by-design approach and thus enforces HTTPS.

HTTPS to Access CDM-Server

If you set the USE_CUSTOM_CERT environment variable to true:

You can provide your own certificate. The server will use these files to serve HTTPS.
This can be self-signed or CA-signed (recommended).
There is a dummy file ./cdm-server.pfx where you have downloaded the CDM-Server. Just replace it with your own certificate.

If your certificate has a password, please set CUSTOM_CERT_PASS environment variable. Otherwise, leave it empty.

If you have a .cer and .key file, you can convert it to .pfx. More details here: Create PFX.

At this moment, CDM-Server does not support on-the-fly certificate renewal. This will be supported in a future release.

Once you have the renewed certificate file

This will apply the new certificate.

If the variable is set to false, the server will generate and use a self-signed certificate. You can find it in

./.data/certs/<CDM_HOST>.cert.p7b - X.509 certificate (contains the public key) that you can import to your browser.
./.data/certs/<CDM_HOST>.pfx - Certificate in PKCS#12 format. It contains private Key that you should not share.

Using self-signed certificate is not recommended for production.

Please see Install Self-Signed Certificate for more information.

For this, look into LDAP documentation.

Last modified May 22, 2025: 8be99e7