Certificates are used to secure exchanges between the secure client and the secure backend. They are part of the TLS and mutual authentication requirements.

On the backend side, 3 items are required:

• The CA root certificate

• The backend certificate (signed with CA root)

• The backend key

For the 1.0.x series, the keys and certificates need to be organised in this fashion:

• A fullchain.pem file which is the concatenation of the backend certificate and the CA root certificate

• A privkey.pem file which is the backend key

Those files should be (re)placed in the Dockers/SAMDeployment/Server/resources/ directory.

On version 1.1.x of the backend things changed a bit. The keys and certificates need to be organised in the following fashion:

• A ca.pem file which is the CA root certificate

• A cert.pem file which is the backend certificate

• A cert.key file which is the backend key

Those files need to be installed into the HTTP / Caddy container, inside the /etc/ssl/caddy directory. To do so you can, amongst other methods, either mount a host’s local directory with docker-compose to overwrite it or simply copy some host’s local file inside the container.

Example of how to overwrite the container directory by mounting a volume:

http:
  ...
  volumes:
    ...
    - /dir/on/host:/etc/ssl/caddy

Example of how to copy data into the (running) container:

docker cp <file> http:/etc/ssl/caddy/<file>