HTTPS
How to use HTTPS to secure against various threats
CDM-Server takes the secure-by-design approach and thus enforces HTTPS.
HTTPS to Access CDM-Server
If you set the USE_CUSTOM_CERT environment variable to true:
- You can provide your own certificate. The server will use these files to serve HTTPS.
- This can be self-signed or CA-signed (recommended).
- There is a dummy file, ./cdm-server.pfx, in the location where you downloaded CDM-Server. Replace it with your own certificate.
Warning
If your certificate has a password, please set the CUSTOM_CERT_PASS environment variable. Otherwise, leave it empty.
Renew Certificate
Live Reload
At this moment, CDM-Server does not support on-the-fly certificate renewal. This will be supported in a future release.
Once you have the renewed certificate file:
- Stop the server
- Replace the file
- Restart the server
This will apply the new certificate.
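
Because a restart is the only way to load a new certificate, it helps to validate the renewed file before stopping the server. The shell function below is an added example, not part of CDM-Server; it assumes the openssl command-line tool is installed, and the function name and return codes are chosen for illustration.

```shell
#!/bin/sh
# check_pfx FILE [MIN_DAYS]
# Validates a renewed PKCS#12 file before it replaces ./cdm-server.pfx.
# The password is taken from CUSTOM_CERT_PASS (empty if the file has none).
# Return codes (chosen for this example): 0 ok, 1 unreadable, 2 bad password
# or format, 3 no private key, 4 expires within MIN_DAYS (default 30).
check_pfx() {
    pfx=$1
    min_days=${2:-30}
    # Pass the password through the environment, not argv, so it does not
    # show up in the process list.
    CUSTOM_CERT_PASS=${CUSTOM_CERT_PASS:-}
    export CUSTOM_CERT_PASS

    [ -r "$pfx" ] || { echo "cannot read $pfx" >&2; return 1; }

    # The password must open the file and yield the leaf certificate.
    cert=$(openssl pkcs12 -in "$pfx" -passin env:CUSTOM_CERT_PASS \
               -nokeys -clcerts 2>/dev/null) \
        || { echo "wrong password or not PKCS#12: $pfx" >&2; return 2; }
    printf '%s\n' "$cert" | grep -q 'BEGIN CERTIFICATE' \
        || { echo "no certificate in $pfx" >&2; return 2; }

    # A certificate-only bundle cannot serve TLS, so require the private key.
    # The key is only piped to grep, never written to disk.
    openssl pkcs12 -in "$pfx" -passin env:CUSTOM_CERT_PASS \
            -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY' \
        || { echo "no private key in $pfx" >&2; return 3; }

    # Reject a "renewed" file that is still the old, nearly expired certificate.
    printf '%s\n' "$cert" \
        | openssl x509 -noout -checkend "$((min_days * 86400))" >/dev/null \
        || { echo "certificate expires within $min_days days" >&2; return 4; }

    # Show what is about to be deployed.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
}
```

Call it on the renewed file, for example check_pfx ./renewed.pfx 30 (the file name is a placeholder), and continue with the stop, replace and restart steps only when it returns 0.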
Self-Signed Certificate
If the USE_CUSTOM_CERT variable is set to false, the server will generate and use a self-signed certificate. You can find it in:
- ./.data/certs/<CDM_HOST>.cert.p7b - X.509 certificate (contains the public key) that you can import to your browser.
- ./.data/certs/<CDM_HOST>.pfx - Certificate in PKCS#12 format. It contains the private key, which you should not share.
Warning
Using a self-signed certificate is not recommended for production.
Install Self-Signed Certificate on User’s Machine
Please see Install Self-Signed Certificate for more information.
LDAP over SSL
For this, see the LDAP documentation.