Configure satellite to use SSL
Target
Change or update configuration of a satellite to enable HTTPS/SSL connections.
Requirements
- certificates (complete chain) in PEM format and RSA private key
  - in general requested from the hoster
  - complete chain means including all intermediate certificates
- utilize Update Satellite
- read Webserver Configuration
The process
Follow the instructions from Update Satellite to duplicate the satellite configuration group and remove the satellites' relations from the new duplicate. Then duplicate the 'WebServerConfigurations'.
In general there are two instances of 'WebServerConfiguration': one for encrypted/secure connections and one for connections without security. The secure one has the secure attribute set to true.
<connector port="1234" secure="true">...
Warning: Not recommended for production environments!
Tip: If you do not yet have a 'WebServerConfiguration' for secure connections, you can derive one by cloning an existing 'WebServerConfiguration' asset and changing at least the connector's port (... adjust load balancers, DNS, ...).
Edit the newly created 'WebServerConfiguration' to have a <pem> element with the certificates and private key. Satisfy the schema for 'WebServerConfiguration' as documented in Webserver Configuration.
Follow the instructions from Update Satellite to connect the new 'WebServerConfiguration' to the new satellite configuration group and make satellites use the new configuration.
When the first satellite is connected to the new satellite configuration, it will instantly reload and use the new 'WebServerConfiguration'. Connect to the satellite instance on the configured SSL port and check certificate delivery in the browser.
Examine the satellite's log messages.
An example
<config version="1" name="fancy-foo-staging.example.com">
<connectors>
<connector port="8001" secure="true">
<pem>
-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAw12345IQDSjMS43Tyk9Xn/LUUeTTVTANBgkqhkiG9w0BAQsFADBe
<snip/>
+asucERFCDShzwe124uidbDFEowwnjtzo87654321A==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIE0gIBAA12wsdcvbikloP78uztfD+MQiFblW7YpruIRdZ+VfU02n
<snip/>
CABKqewsxcvbnjuztrfdcvghjklfgewgdsvutzwevlkjtrdxcvbhjkop+uJnF4PQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEizCCA3vgzUIKJHGfcftzui7resXDCFGHU/65reshkiG9w0BAQsFADBh
<snip/>
B0AF+poiSEDFGBNJjhbvXf7EDCVFGR567
-----END CERTIFICATE-----
</pem>
</connector>
</connectors>
</config>
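A pre-deployment check for the `<pem>` content described above, as an added example that is not part of the original documentation or the product's own tooling. It uses only the element and attribute names visible in the page's example (`connector`, `port`, `secure`, `pem`); the names `check_connectors`, `pem_block` and `SAMPLE` are hypothetical, and the sample config is constructed.

```python
import re
import xml.etree.ElementTree as ET

# One PEM block; group 1 is the label, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def check_connectors(xml_text):
    """Return (port, finding) tuples for the <connector> elements of a config."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("connector"):
        port = conn.get("port")
        labels = PEM_BLOCK.findall(conn.findtext("pem") or "")
        certs = labels.count("CERTIFICATE")
        keys = [l for l in labels if l.endswith("PRIVATE KEY")]
        if conn.get("secure") != "true":
            if labels:
                findings.append((port, "pem present but secure is not true"))
            continue
        if certs == 0:
            findings.append((port, "no certificate"))
        elif certs == 1:
            findings.append((port, "single certificate, chain incomplete?"))
        if len(keys) != 1:
            findings.append((port, "expected 1 private key, found %d" % len(keys)))
        elif keys[0] != "RSA PRIVATE KEY":
            findings.append((port, "key label is not RSA PRIVATE KEY"))
    return findings

# Constructed sample: placeholder base64 bodies, not real key material.
def pem_block(label):
    return "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)

SAMPLE = (
    '<config version="1" name="constructed.example.com"><connectors>'
    '<connector port="8000"/>'
    '<connector port="8001" secure="true"><pem>'
    + pem_block("CERTIFICATE") + pem_block("RSA PRIVATE KEY") + pem_block("CERTIFICATE") +
    '</pem></connector>'
    '<connector port="8002" secure="true"><pem>'
    + pem_block("CERTIFICATE") + pem_block("PRIVATE KEY") +
    '</pem></connector>'
    '</connectors></config>'
)

if __name__ == "__main__":
    for port, finding in check_connectors(SAMPLE):
        print(port, finding)
```

The check only inspects PEM labels and counts; it does not verify that the key matches the leaf certificate or that the chain validates, so the browser check on the SSL port is still needed.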