Automatic certificate updates with no SSL Certificate: Initial setup
Follow these steps to configure HCL SafeLinx with an ACME provider for the first time, when no SSL certificate is available yet.
About this task
Procedure
Create HTTP Service on SafeLinx Server
- Navigate to the SafeLinx server administration interface.
- Because no SSL certificate exists yet, create an HTTP service with the following configuration (some of the options below might not be available in the service create wizard; use the service edit wizard to make those changes):
  - Service URL: HTTP (not HTTPS)
  - TCP port to listen on: 80
  - Enable the Enable Automatic Certificate Update option. Provide valid Certificate Store Server:port details: <cert_store_server_name>:<port_number>
  - Disable the Use secure connection checkbox.
  - Application server URL: NOAUTH http://<domino-server-url>/.well-known/
  - Select any Authentication Profile, as per the configuration.
Submit Certificate Request from Certificate Store
- Access CertManager on the Domino server.
- Select Add TLS Credentials in the Certificate Store.
- Choose Create Exportable Key and set a strong password.
- Specify the SafeLinx server name in Host names and the Domino server with access in Server with access.
- Select ACME as the Certificate provider and select the corresponding ACME account.
- Update the other fields and Certificate Attributes.
- Submit the request.
- Use Export TLS credentials to export the generated certificate as a P12 file with the provided password.
  Note: This file will be used as the keyring file in the SafeLinx configuration.
Update SafeLinx Configuration
- Modify the existing SafeLinx configuration:
  - Update Service URL to HTTPS.
  - Change TCP port to listen on to any HTTPS port.
  - Provide the path of the generated P12 file in PKCS12 keystore file.
  - Update the Keystore password with the password used during P12 file generation.
  - Configure the time interval for certificate updates in the Time interval to check for certificate updates (hrs) field.
  - Enable the Use secure connection checkbox.
  - Add the required Domino server URL to the Application server URL in the Server tab.
  - Add 80 to Redirect HTTP ports in the General tab.
- Save the changes and restart the SafeLinx server for the changes to take effect.
- Access SafeLinx Service URL to verify the certificate details.
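
One way to script the final verification step, as an added example that is not part of the HCL documentation: it reads the certificate the HTTPS service presents and reports the issuer, whether the SafeLinx host name is covered by the certificate's DNS names, and the days left before expiry. The host name and the sample certificate are constructed placeholders.

```python
import socket
import ssl
import time

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "safelinx.example.com"),),),
    "issuer": ((("organizationName", "Example ACME CA"),), (("commonName", "Example Issuing CA"),)),
    "notAfter": "Apr  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "safelinx.example.com"), ("DNS", "*.apps.example.com")),
}


def fetch_peer_cert(host, port=443, timeout=10):
    """TLS handshake with chain and hostname verification; returns the leaf certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _san_covers(pattern, host):
    """Exact match, or a wildcard that covers exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def summarize_cert(cert, expected_host, now=None):
    """Pull out the fields to confirm after the service is switched to HTTPS."""
    now = time.time() if now is None else now
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issuer": issuer.get("commonName") or issuer.get("organizationName"),
        "san_match": any(_san_covers(p, expected_host) for p in sans),
        "days_left": int((expires - now) // 86400),
    }


if __name__ == "__main__":
    # Offline run against the constructed sample; for a live check use
    # summarize_cert(fetch_peer_cert("<safelinx-host>", <https-port>), "<safelinx-host>")
    print(summarize_cert(SAMPLE_CERT, "safelinx.example.com"))
```

A failed handshake in `fetch_peer_cert` means the chain or host name did not validate, which is itself a result worth recording before looking at the summary.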