Automatic certificate updates with no SSL Certificate: Initial setup

Follow these steps to configure HCL SafeLinx with an ACME provider for the first time, when no SSL certificate is available yet.

About this task

Setup procedure to support ACME providers:

Procedure

  1. Create HTTP Service on SafeLinx Server
    1. Navigate to the SafeLinx server administration interface.
    2. Because no SSL certificate is available yet, create an HTTP service with the following configuration. Some of the options below might not be available in the service create wizard; use the service edit wizard to make those changes:

      Service URL: HTTP (not HTTPS)

      TCP port to listen on: 80

      Select the Enable Automatic Certificate Update checkbox. Provide valid Certificate Store Server:port details: <cert_store_server_name>:<port_number>

      Disable the Use secure connection checkbox.

      Application server URL: NOAUTH http://<domino-server-url>/.well-known/

      Select any Authentication Profile, as per the configuration.

  2. Submit Certificate Request from Certificate Store
    1. Access CertManager on the Domino server.
    2. Select Add TLS Credentials in the Certificate Store.
    3. Choose Create Exportable Key and set a strong password.
    4. Specify the SafeLinx server name in the Host names field and the Domino server with access in the Server with access field.
    5. Select ACME as the Certificate provider and select the corresponding ACME account.
    6. Update the other fields and Certificate Attributes.
    7. Submit the request.
    8. Use Export TLS credentials to export the generated certificate as a P12 file with the provided password.
      Note: This file will be used as the keyring file in SafeLinx configuration.
  3. Update SafeLinx Configuration
    1. Modify the existing SafeLinx configuration:

      Update Service URL to HTTPS.

      Change TCP port to listen on to any HTTPS port.

      Provide the path of the generated P12 file in PKCS12 keystore file.

      Update the Keystore password with the password used during P12 file generation.

      Set the interval for certificate updates in the Time interval to check for certificate updates (hrs) field.

      Enable the Use secure connection checkbox.

      Add the required Domino server URL to the Application server URL in the Server tab.

      Add 80 to Redirect HTTP ports in the General tab.

    2. Save changes and restart the SafeLinx server for the changes to take effect.
  4. Access SafeLinx Service URL to verify the certificate details.
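
One way to script the check in step 4 (an added example, not part of the HCL documentation): it connects to the service with full chain and host name validation, then reports the issuer, host names and remaining lifetime of the served certificate. The host name safelinx.example.com, port 443, the 14-day warning threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import sys
import time

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "issuer": ((("organizationName", "Example ACME CA"),),
               (("commonName", "Example Issuing CA"),)),
    "notAfter": "Apr  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "safelinx.example.com"),),
}

def fetch_peer_cert(host, port=443, timeout=10):
    """Handshake with chain and host name validation; return the leaf cert."""
    ctx = ssl.create_default_context()  # an untrusted chain raises SSLError here
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def san_matches(pattern, host):
    """Exact match, or a wildcard covering exactly the leftmost label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def summarize_cert(cert, expected_host, now=None, min_days=14):
    """Collect the details to review and list anything that looks wrong."""
    now = time.time() if now is None else now
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((expires - now) // 86400)
    problems = []
    if not any(san_matches(p, expected_host.lower()) for p in sans):
        problems.append("host name not in subjectAltName")
    if days_left < 0:
        problems.append("certificate expired")
    elif days_left < min_days:  # min_days is an assumed threshold
        problems.append("expires in %d days; check that updates run" % days_left)
    return {"issuer": issuer.get("commonName") or issuer.get("organizationName"),
            "sans": sans, "days_left": days_left, "problems": problems}

if __name__ == "__main__":
    # Pass the SafeLinx host name to check a live service; otherwise use the sample.
    host = sys.argv[1] if len(sys.argv) > 1 else "safelinx.example.com"
    cert = fetch_peer_cert(host) if len(sys.argv) > 1 else SAMPLE_CERT
    print(summarize_cert(cert, host))
```

Running it again after the configured update interval has passed shows whether the remaining lifetime increased, which confirms that the automatic update replaced the certificate.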

Results

You have successfully configured SafeLinx for the first time without any SSL certificate. The setup ensures secure communication between SafeLinx and other servers, with automatic certificate updates facilitated by CertManager and ACME providers.