Automatic certificate updates with existing SSL Certificate

Follow these steps to configure HCL SafeLinx with an ACME provider when an SSL certificate already exists.

About this task

Setup procedure to support ACME providers:

Procedure

  1. Create HTTP Service on SafeLinx Server
    1. Navigate to SafeLinx server administration interface.
    2. Create or edit an HTTP service with the following configuration. Some of the options below might not be available in the service create wizard; use the service edit wizard to make those changes:

      Service URL: Provide HTTPS URL on which HTTP service will be hosted.

      TCP port to listen on: 443 or any available port to allow requests for HTTP service.

      Select Enable Automatic Certificate Update.

      Provide Certificate Store Server:port details (valid): <cert_store_server_name>:<port_number>

      Application server URL: NOAUTH http://<domino-server-url>/.well-known/ and add the required Domino server URL. Add 80 to Redirect HTTP ports.
      Note: The ACME HTTP-01 challenge should be listened for and served on port 80.

      Select any Authentication Profile and other configurations as required.

  2. Submit Certificate Request from Certificate Store
    1. Access CertManager on the Domino server.
    2. Select Add TLS Credentials in the Certificate Store.
    3. Choose Create Exportable Key and set a strong password.
    4. Specify the SafeLinx server name in the Host names field and the Domino server that needs access in the Server with access field.
    5. Select ACME as Certificate provider and select corresponding ACME account.
    6. Update the other fields and Certificate Attributes.
    7. Submit the request.
    8. Use Export TLS credentials to export the generated certificate as a P12 file with the provided password.
      Note: This file will be used as the keyring file in SafeLinx configuration.
  3. Update SafeLinx Configuration
    1. Modify the existing SafeLinx configuration:

      Provide the path of the generated P12 file in PKCS12 keystore file.

      Update the Keystore password with the password used during P12 file generation.

      Configure the time interval for certificate updates in the Time interval to check for certificate updates (hrs) field.

      Keep the port 80 entry in Redirect HTTP ports in the General tab.

    2. Save changes and restart the SafeLinx server for the changes to take effect.
  4. Access the SafeLinx Service URL to verify the certificate details.
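
The verification in step 4 can also be done from a shell. The script below is an added example, not part of the HCL procedure or tooling: it compares the certificate inside the exported P12 file with the one the service actually presents and prints the expiry date. It assumes the `openssl` command-line tool is installed; the P12 path, host name and port are supplied by the caller, and the keystore password is read from an exported `P12_PASS` environment variable (a name chosen for this example).

```sh
#!/bin/sh
# Added example, not HCL's tooling. Export P12_PASS before running so the
# keystore password is read from the environment, not the command line.

# Leaf (non-CA) certificate stored in the PKCS#12 file $1, as PEM.
p12_leaf_pem() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS |
        openssl x509 -outform PEM
}

# Certificate presented by the service on host $1, port $2, as PEM.
served_leaf_pem() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# SHA-256 fingerprint of the PEM certificate on stdin.
fp_of_pem() { openssl x509 -noout -fingerprint -sha256 | cut -d= -f2; }

# notAfter date of the PEM certificate on stdin.
enddate_of_pem() { openssl x509 -noout -enddate | cut -d= -f2; }

# Exit status 0 only if the service presents the certificate held in the P12.
verify_deployment() {   # $1 = P12 path, $2 = host, $3 = port
    want=$(p12_leaf_pem "$1" | fp_of_pem)
    got=$(served_leaf_pem "$2" "$3" | fp_of_pem)
    if [ -z "$want" ]; then echo "cannot read $1 (wrong password?)" >&2; return 2; fi
    if [ -z "$got" ]; then echo "no certificate from $2:$3" >&2; return 2; fi
    if [ "$want" != "$got" ]; then
        echo "MISMATCH: service is not presenting the certificate in $1" >&2
        return 1
    fi
    echo "OK: $got, expires $(served_leaf_pem "$2" "$3" | enddate_of_pem)"
}

# Usage: script.sh <p12-file> <safelinx-host> <port>
if [ "$#" -eq 3 ]; then verify_deployment "$1" "$2" "$3"; fi
```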

Results

You have successfully configured SafeLinx for the first time with an SSL certificate. The setup ensures secure communication between SafeLinx and other servers, with automatic certificate updates facilitated by CertManager and ACME providers.