Amadis
Secure Backend - Certificates
Certificates are used to secure exchanges between the secure client and the secure backend. They are part of the TLS and mutual authentication requirements.
On the backend side, 3 items are required:
The CA root certificate
The backend certificate (signed with CA root)
The backend key
Version 1.0.x
For the 1.0.x series, the keys and certificates need to be organised in this fashion:
A fullchain.pem file which is the concatenation of the backend certificate and the CA root certificate
A privkey.pem file which is the backend key
Those files should be (re)placed in the Dockers/SAMDeployment/Server/resources/ directory.
Version 1.1.x
In version 1.1.x of the backend things changed a bit. The keys and certificates need to be organised in the following fashion:
A ca.pem file which is the CA root certificate
A cert.pem file which is the backend certificate
A cert.key file which is the backend key
Those files need to be installed into the HTTP / Caddy container, inside the /etc/ssl/caddy directory. To do so you can, among other methods, either mount a local directory of the host with docker-compose to overwrite it, or simply copy local files from the host into the container.
Example of how to overwrite the container directory by mounting a volume:
http:
  ...
  volumes:
    ...
    - /dir/on/host:/etc/ssl/caddy
Example of how to copy data into the (running) container:
docker cp <file> http:/etc/ssl/caddy/<file>
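Before mounting or copying the files, it is worth checking that the three items actually belong together. The following is an added example, not part of the Amadis deliverables: the function names check_backend_certs and make_legacy_layout are hypothetical, and the script assumes the openssl CLI (1.1.0 or later) is installed on the host. It validates the 1.1.x file set and can derive the 1.0.x files from it.

```shell
#!/bin/sh
# Added example: pre-deployment check of ca.pem, cert.pem and cert.key.
# Function names are hypothetical; requires openssl 1.1.0+ (for -no-CApath).

# check_backend_certs DIR -> 0 if DIR holds a consistent 1.1.x file set
check_backend_certs() {
    dir=$1
    for f in ca.pem cert.pem cert.key; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
    # The backend certificate must chain to this CA root; -no-CApath keeps
    # the system CA directory out of the decision.
    openssl verify -no-CApath -CAfile "$dir/ca.pem" "$dir/cert.pem" >/dev/null 2>&1 \
        || { echo "cert.pem does not verify against ca.pem" >&2; return 1; }
    # The key must belong to the certificate: compare the two public keys.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null) || return 1
    # -passin pass: makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$dir/cert.key" -passin pass: -pubout 2>/dev/null) \
        || { echo "cert.key cannot be read as a private key" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "cert.key does not match cert.pem" >&2; return 1; }
    return 0
}

# make_legacy_layout DIR OUTDIR -> writes the 1.0.x files into OUTDIR
make_legacy_layout() {
    check_backend_certs "$1" || return 1
    mkdir -p "$2" || return 1
    # fullchain.pem: backend certificate first, then the CA root certificate
    cat "$1/cert.pem" "$1/ca.pem" > "$2/fullchain.pem" || return 1
    # privkey.pem: the backend key, readable by its owner only
    ( umask 077; cp "$1/cert.key" "$2/privkey.pem" ) || return 1
    chmod 600 "$2/privkey.pem"
}
```

A non-zero return from check_backend_certs means the directory should not be mounted at /etc/ssl/caddy as it stands; the message on stderr names the file at fault.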
The server files have different names when used in the server and in the secure client, but:
ca.pem is the exact same file as sc_ca.pem
cert.pem is the exact same file as sc_server.crt