Enable HTTPS for the Web Server

HTTPS adds a layer of security over your data by using SSL/TLS protocols to encrypt the data transmitted between the web server and the web browser (ie. the client). This encryption ensures that even if someone intercepts the data, they won't be able to understand or modify it easily.

To use HTTPS in production, you’ll need to first obtain digital certificate from a Certificate Authority (CA).

To obtain a digital certificate you will need to generate a Certificate Signing Request (CSR) from your server which contains your generated public key and identity information. The CA will verify and issue you a Digital Certificate that you can supply Iguana along with your generated private key.

For test purposes, IguanaX includes a self-signed certificate file (cert.pem) and private key file (key.pem) that can be used.

If a self-signed certificate is used, your browser will provide a warning as it only trusts certificates issued by one of the Certificate Authorities stored in your computer. You can either:

Add the self-signed certificate to your computer’s certificate store.
Click the Advanced button in the browser and choose to ignore the warning.

You can enable HTTPS by adding your file paths to the Web Configuration File or through the Web Server Settings following the steps below:

Check Use HTTPS to display the Certificate and Private Key File configurations we need to upload.
Select the Certificate File and Private Key File - click save!

The Certificate and Key File must both be PEM format and not password protected.

Iguana will automatically restart the web server and you’ll be logged out.

If you configured a verified certificate file and private key file, you should be able to access the Iguana Dashboard using https:// and no longer using http://.

If you configured the built-in test cert.pem and key.pem files, the browser will notify you that your connection to this site is not secure because it’s using a self-signed certificate (not verified by a Certificate Authority).