Managing SSL Certificates
The Haplo Platform assumes and requires that incoming connections are encrypted. Everything is over HTTPS. While unencrypted HTTP requests are accepted, they are immediately redirected to HTTPS.
Here we describe how the necessary SSL certificates are managed.
Locations and file names
All certificates are stored in /haplo/sslcerts. If you’re using Docker this will be the sslcerts directory in the persistent storage location that you’ve mapped into the container.
That directory must contain a private key called server.key and a matching certificate server.crt. If they don’t exist then our scripts will create a self-signed certificate.
Using your own certificate
If you have your own certificate (which must match the URL used for your Haplo instance) then you can replace the self-signed certificate.
Note that you must first allow the self-signed certificate to be created as part of the initial setup, then replace it later.
To do this, replace the existing server.key with your certificate’s private key, replace the existing server.crt with your certificate, and create a file server-intermediate.crt containing any intermediates you need. You must use these file names.
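Before restarting with the replaced files, it is worth confirming that the key belongs to the certificate and that the certificate covers your instance's hostname. The following is an added example, not part of the Haplo scripts; the function name check_haplo_cert and its arguments are assumptions, and it needs the openssl command-line tool.

```shell
# Added example: pre-flight check for a replacement certificate.
# The function name and its arguments are assumptions of this example.
check_haplo_cert() {
    dir="${1:-/haplo/sslcerts}"   # certificate directory named on this page
    host="$2"                     # hostname in the URL of the Haplo instance
    key="$dir/server.key"
    crt="$dir/server.crt"
    chain="$dir/server-intermediate.crt"

    [ -n "$host" ] || { echo "usage: check_haplo_cert DIR HOSTNAME" >&2; return 2; }
    for f in "$key" "$crt"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 1; }
    done

    # 1. Key and certificate must carry the same public key. An encrypted
    #    key fails here (empty passphrase supplied) instead of prompting.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=""
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=""
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: server.key is unreadable or does not match server.crt" >&2
        return 1
    fi

    # 2. The certificate must cover the hostname used for the instance.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: server.crt does not cover $host" >&2
        return 1
    fi

    # 3. The certificate must not already be expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: server.crt has expired" >&2
        return 1
    fi

    # 4. Intermediates are optional; only report whether the file is present.
    if [ -r "$chain" ]; then
        echo "note: server-intermediate.crt present"
    else
        echo "note: no server-intermediate.crt (fine if no intermediates are needed)"
    fi
    echo "OK: server.key and server.crt are consistent for $host"
    return 0
}
```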
Adding additional sites
The Haplo Platform is a multitenant application server, so it allows multiple instances of the application, each with a unique name. Each name must have a matching SSL certificate.
If you have a wildcard certificate, then you can use that: simply use it as
If you have multiple certificates, then the first one must be called server.crt. Additional certificates can be added, using the hostname as the root of the filename. So, for my.host.name, you’ll need
If you have a certificate for multiple sites (one that contains Subject Alternative Names) then copy it for each name.
Copying the certificate for the plugin tool
The Plugin Tool needs a copy of the server.crt file, which you can find in the location listed above.