SSL Configuration

Using VECTR generated certificates

If using VECTR generated(self-signed) certificates one can import the CA into your browser. An example of this process can be found here.

Installing SSL Artifacts

Using an existing set of CA-Certificates

This is for clients and users who want to supply VECTR with a pre-generated certificate and key pair. Some instances where this may be desirable are in enterprises where there is an internal certificate generation process for all applications and/or in a cloud environment where certs are provided from a centralized repository. Certificates MUST match the configured VECTR hostname and are expected to be in PEM format (for the .crt file).

Configuration Guide

Note: The bind mount

Supply an application Certificate and Key Pair by placing these files in this directory

<VECTR_DEPLOY_DIR>/user/certs

It is important the files have specific names

ssl.crt 
ssl.key

If your certificates are password protected then you must also set this variable in your .env file.

CA_PASS=<YOUR_CA_PASSWORD>

Troubleshooting

The ssl.key must be a "PRIVATE KEY FILE" not a "ENCRYPTED PRIVATE KEY FILE". Encrypted key files are not yet supported. If provided with one you may convert it by using the following command.

openssl rsa -in encryptedssl.key -out ssl.key

You will be prompted with the key passphrase, after converting the output key will be usable by VECTR.

The ssl.crt must be BEGIN CERTIFICATE to END CERTIFICATE. Any additional characters or information will create issues loading the certificate. For example it should look like this.

[]