HTTPS

How to use HTTPS to secure against various threats

CDM-Server takes the secure-by-design approach and thus enforces HTTPS.

HTTPS to Access CDM-Server

If you set the USE_CUSTOM_CERT environment variable to true:

  • You can provide your own certificate and private key. The server will use these files to serve HTTPS.
  • The certificate can be self-signed or CA-signed (recommended).
  • There are two dummy files, ./cdm-server.crt and ./cdm-server.key, in the directory where you downloaded CDM-Server. Replace them with your own certificate chain and private key.

Make sure the crt file contains the full certificate chain, including the root and intermediate certificates. The key file should contain the private key in PEM format.
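
A pre-flight check for the two replacement files, run before restarting the server. This is an added example, not part of CDM-Server; the function names are hypothetical, and it assumes POSIX file permissions and Python's standard ssl module.

```python
import re
import ssl
import stat
import sys
from pathlib import Path

# Matches one PEM block and captures its label, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.+?-----END \1-----", re.S)

def pem_labels(path):
    """Labels of all PEM blocks in the file, in file order."""
    text = Path(path).read_text(errors="replace")  # tolerate a binary (DER) file
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def preflight(crt_path, key_path):
    """Return (errors, warnings) for a certificate chain file and a key file."""
    errors, warnings = [], []
    crt_labels, key_labels = pem_labels(crt_path), pem_labels(key_path)
    certs = crt_labels.count("CERTIFICATE")
    if certs == 0:
        errors.append("crt: no PEM certificate found")
    elif certs == 1:
        warnings.append("crt: single certificate; fine if self-signed, "
                        "otherwise the chain is missing")
    if any(label.endswith("PRIVATE KEY") for label in crt_labels):
        errors.append("crt: contains a private key")
    if sum(label.endswith("PRIVATE KEY") for label in key_labels) != 1:
        errors.append("key: expected exactly one PEM private key")
    # Assumption: POSIX permissions. The key should be readable by its owner only.
    if stat.S_IMODE(Path(key_path).stat().st_mode) & 0o077:
        errors.append("key: accessible by group or others")
    # OpenSSL parses both files and rejects a key that does not match the
    # first (leaf) certificate. The password callback prevents a passphrase prompt.
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(crt_path, key_path, password=lambda: "")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        errors.append(f"pair: rejected by OpenSSL ({exc})")
    return errors, warnings

if __name__ == "__main__":
    errs, warns = preflight("./cdm-server.crt", "./cdm-server.key")
    for line in [f"WARN  {w}" for w in warns] + [f"ERROR {e}" for e in errs]:
        print(line)
    sys.exit(1 if errs else 0)
```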

Renew Certificate

Once you have the renewed certificate file:

  • Stop the server
  • Replace the file
  • Restart the server

This will apply the new certificate.

Self-Signed Certificate

If USE_CUSTOM_CERT is set to false, the server will generate and use a self-signed certificate. You can find the generated files in:

  • ./.data/certs/<CDM_HOST>.cert.p7b - X.509 certificate (contains the public key) that you can import to your Windows OS easily.
  • ./.data/certs/<CDM_HOST>.crt - Certificate chain in PEM format.
  • ./.data/certs/<CDM_HOST>.key - Private key in PEM format. You should not share this file with anyone.

Install Self-Signed Certificate on User’s Machine

Please see Install Self-Signed Certificate for more information.

LDAP over TLS

For this, see the LDAP documentation.

Last modified June 12, 2025: 3881c26