SSL Configuration¶
Using VECTR generated certificates¶
If using VECTR generated(self-signed) certificates one can import the CA into your browser. An example of this process can be found here.
Installing SSL Artifacts¶
Using an existing set of CA-Certificates¶
This is for clients and users who want to supply VECTR with a pre-generated certificate and key pair. Some instances where this may be desirable are in enterprises where there is an internal certificate generation process for all applications and/or in a cloud environment where certs are provided from a centralized repository. Certificates MUST match the configured VECTR hostname and are expected to be in PEM format (for the .crt file).
Configuration Guide
Note: The bind mount
Supply an application Certificate and Key Pair by placing these files in this directory
<VECTR_DEPLOY_DIR>/user/certs
It is important the files have specific names
ssl.crt
ssl.key
If your certificates are password protected then you must also set this variable in your .env file.
CA_PASS=<YOUR_CA_PASSWORD>
Troubleshooting¶
The ssl.key must be a "PRIVATE KEY FILE" not a "ENCRYPTED PRIVATE KEY FILE". Encrypted key files are not yet supported. If provided with one you may convert it by using the following command.
openssl rsa -in encryptedssl.key -out ssl.key
You will be prompted with the key passphrase, after converting the output key will be usable by VECTR.
The ssl.crt must be BEGIN CERTIFICATE to END CERTIFICATE. Any additional characters or information will create issues loading the certificate. For example it should look like this.
[]