Certificates are used to secure exchanges between the secure client and the secure backend. They are part of the TLS and mutual authentication requirements.
On the backend side, 3 items are required:
The CA root certificate
The backend certificate (signed with CA root)
The backend key
Version 1.0.x
For the 1.0.x series, the keys and certificates need to be organised in this fashion:
A fullchain.pem file which is the concatenation of the backend certificate and the CA root certificate
A privkey.pem file which is the backend key
Those files should be (re)placed in the Dockers/SAMDeployment/Server/resources/ directory.
Version 1.1.x
In version 1.1.x of the backend, things changed a bit. The keys and certificates need to be organised in the following fashion:
A ca.pem file which is the CA root certificate
A cert.pem file which is the backend certificate
A cert.key file which is the backend key
Those files need to be installed into the HTTP / Caddy container, inside the /etc/ssl/caddy directory. To do so, you can, among other methods, either mount a local directory of the host over it with docker-compose or simply copy local files from the host into the container.
Example of how to overwrite the container directory by mounting a volume:
http:
  ...
  volumes:
    ...
    - /dir/on/host:/etc/ssl/caddy
Example of how to copy data into the (running) container:
docker cp <file> http:/etc/ssl/caddy/<file>
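
Before installing the files with either method, it is worth checking that the three items actually belong together. The script below is an added example, not part of the original documentation: it verifies a 1.1.x set (ca.pem, cert.pem, cert.key) and can derive the 1.0.x layout (fullchain.pem, privkey.pem) from it. The function names, the sample subject names and the use of the openssl command-line tool are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the three backend items before installing them.
# File names follow the 1.1.x layout from the page: ca.pem, cert.pem, cert.key.

# Return 0 only if cert.pem chains to ca.pem and cert.key is its private key.
check_backend_certs() {
    dir=$1
    for f in ca.pem cert.pem cert.key; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
    # 1. The backend certificate must be signed by the CA root.
    openssl verify -CAfile "$dir/ca.pem" "$dir/cert.pem" >/dev/null 2>&1 ||
        { echo "cert.pem is not signed by ca.pem" >&2; return 1; }
    # 2. The key must match the certificate: compare their public keys.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/cert.key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "cert.key does not match cert.pem" >&2; return 1; }
}

# Build the 1.0.x layout (fullchain.pem, privkey.pem) from a checked 1.1.x set.
make_legacy_layout() {
    src=$1; dst=$2
    check_backend_certs "$src" || return 1
    mkdir -p "$dst" || return 1
    # Backend certificate first, then the CA root, as the page describes.
    cat "$src/cert.pem" "$src/ca.pem" > "$dst/fullchain.pem" || return 1
    # Copy the key under a restrictive umask and force owner-only permissions.
    ( umask 077 && cp "$src/cert.key" "$dst/privkey.pem" &&
      chmod 600 "$dst/privkey.pem" ) || return 1
}

# Constructed sample input: a throwaway CA and backend pair for a dry run.
make_sample_pki() {
    d=$1
    mkdir -p "$d" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=backend.example" \
        -keyout "$d/cert.key" -out "$d/cert.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/cert.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/cert.pem" 2>/dev/null
}
```

Run check_backend_certs on the host directory before mounting it or before using docker cp; a non-zero return means the container would start with a certificate set that cannot pass mutual authentication.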