Skip to content

Overview


All communication within PLOSSYS Output Engine is TLS encrypted. In the standard installation, self-signed certificates are used for this.

Caution - security gap

Using the pre-installed self-signed certificates in a productive system is a serious security gap!

Hint - tls directories contained in delivery

The self-signed certificates contained in delivery are hard-coded. The tls directories contained in delivery only contain examples which certificate files are required and how they look like.

Execute the following steps in order to avoid the annoying certificate warnings in the browser and to secure the different components of PLOSSYS Output Engine.


Requirements

Get a TLS certificate in the PEM format with a key.pem and a cert.pem file.

The certificate has to contain the following entries:

  • Server name of PLOSSYS Output Engine in order to avoid the certificate warnings in the browser

  • localhost if you want to use self-signed certificates

  • Consul-specific server name (for example, <hostname>.node.dc1.consul) if you want to use a certificate issued by a certificate authority (CA)

Hint - certificate authority

All TLS certificates have to be signed by the same certificate authority (CA).

Hint - cluster

In case of a cluster, a separate certificate for each server is required or a certificate containing all names of the Output Engine servers belonging to the cluster.

Hint - other formats

For how to convert other certificate formats, refer to Convert Certificates.


Avoid the Certificate Warnings in the Browser

In order to avoid the annoying certificate warnings in the browser, execute the following steps:


Secure the Remaining Components

In order to secure all components of PLOSSYS Output Engine, additionally execute the following steps:


Next Step

Continue with: Secure PLOSSYS Administrator


Back to top