Managing SSL Certificates

The Haplo Platform assumes and requires that incoming connections are encrypted. Everything is over HTTPS. While unencrypted HTTP requests are accepted, they are immediately redirected to HTTPS.

Here we describe how the necessary SSL certificates are managed.

Locations and file names

All certificates are stored in /haplo/sslcerts. If you’re using Docker this will be the sslcerts directory in the persistent storage location that you’ve mapped into the container.

That directory must contain a private key called server.key and a matching certificate server.crt. If they don’t exist then our scripts will create a self-signed certificate.

Using your own certificate

If you have your own certificate (which must match the URL used for your Haplo instance) then you can replace the self-signed certificate.

Note that you must first allow the self-signed certificate to be created as part of the initial setup, then replace it later.

To do this, replace the existing server.key with your certificate’s private key, replace the existing server.crt with your certificate, and create a file server-intermediate.crt containing any intermediates you need. You must use these file names.

Adding additional sites

The Haplo Platform is a multitenant application server, so it allows multiple instances of the application, each with a unique name. Each name must have a matching SSL certificate.

If you have a wildcard certificate, then you can use that: simply use it as server.crt.

If you have multiple certificates, then the first one must be called server.crt. Additional certificates can be added, using the hostname as the root of the filename. So, for my.host.name, you’ll need my.host.name.key, my.host.name.crt, and my.host.name-intermediate.crt.

If you have a certificate for multiple sites (one that contains Subject Alternative Names) then copy it for each name, using the file names described above.
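
Before restarting with replaced or additional certificates, it helps to confirm that every name has its key and certificate under the expected file names and that each key actually belongs to its certificate. The following is an added example, not part of the Haplo scripts; the function names and the key permission check are assumptions made for illustration.

```python
import ssl
import stat
from pathlib import Path


def key_matches_cert(crt, key):
    """True if the PEM private key belongs to the PEM certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # The callable supplies an empty passphrase, so an encrypted key
        # fails the check instead of prompting on the terminal.
        ctx.load_cert_chain(str(crt), str(key), password=lambda: "")
        return True
    except OSError:  # ssl.SSLError (mismatch, bad PEM) or a missing file
        return False


def check_sslcerts(directory, extra_hostnames=()):
    """Return a list of problems found in an sslcerts directory.

    "server" is the first certificate; each additional site uses its
    hostname as the root of the file name, as described on this page.
    The -intermediate.crt files are optional and are not checked.
    """
    directory = Path(directory)
    problems = []
    for name in ("server", *extra_hostnames):
        key, crt = directory / f"{name}.key", directory / f"{name}.crt"
        missing = [p.name for p in (key, crt) if not p.is_file()]
        if missing:
            problems.append(f"{name}: missing {', '.join(missing)}")
            continue
        # Assumption: general key hygiene, not a documented Haplo rule.
        if stat.S_IMODE(key.stat().st_mode) & 0o077:
            problems.append(f"{name}: {key.name} is accessible to group or others")
        if not key_matches_cert(crt, key):
            problems.append(f"{name}: {key.name} does not match {crt.name}")
    return problems


if __name__ == "__main__":
    # Hostname taken from the example on this page.
    for problem in check_sslcerts("/haplo/sslcerts", ["my.host.name"]):
        print(problem)
```

An empty result means the file names are in place and each key pairs with its certificate; it does not check that the certificate matches the URL of the instance.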

Copying the certificate for the plugin tool

The Plugin Tool needs a copy of the server.crt file, which you can find in the location listed above.