SSL Configuration - csap-platform/csap-core GitHub Wiki

References:     Application Definition     Cert Creation

CSAP SSL configuration

  1. Stored in the application-company.yml in the Application Definition.
  2. ssl can be disabled by setting: keystore-file: ""
  3. all server side connections will also use ssl by default. To disable (and only use in browser): client: false 
csap:
  web-server: 
   
    ssl:
      # port: xxxx  # defaults to http port + 2, agent is 8013
      keystore-type: PKCS12
      keystore-file: file:/opt/csap/csap.p12
      keystore-password: xxxx
      key-alias: csap

Self signed configuration

  1. create a cert (see below)
  2. copy csap.p12 to $csapDefinitionResources
  3. update csap yaml ssl section: self-signed: true and keystore-file: file:/opt/csap/csap-platform/definition/resources/csap.p12
  4. restart csap-agent instances
  5. restart csap-admin instances
  6. restart csap-httpd instances
#
# csap has a convenience shell function
#

make_keystore "my-company.com" "my-password"

#
# csap.p12 is created in current folder
#
cp csap.p12 $csapDefinitionResources

Note that make_keystore is a convenience function that may be exchanged for any equivalent procedure:

https://github.com/csap-platform/csap-packages/blob/master/csap-package-linux/environment/functions/misc.sh#L63

⚠️ **GitHub.com Fallback** ⚠️