You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 6
Next »
HTTPS adds a layer of security over your data by using SSL/TLS protocols to encrypt the data transmitted between the web server and the web browser (ie. the client). This encryption ensures that even if someone intercepts the data, they won't be able to understand or modify it easily.
For a Production IguanaX deployment:
To use HTTPS in production, you’ll need to first obtain digital certificate from a Certificate Authority (CA).
To obtain a digital certificate you will need to generate a Certificate Signing Request (CSR) from your server which contains your generated public key and identity information. The CA will verify and issue you a Digital Certificate that you can supply Iguana along with your generated private key.
For a Test IguanaX deployment:
For test purposes, IguanaX includes a sample self-signed certificate file (cert.pem) and private key file (key.pem) that can be used. These can be found in the web configurations file:
<working directory>/configurations/web/
You can enable HTTPS by adding your file paths to the Web Configuration File or through the Web Server Settings following the steps below:
In Settings > Web Server, Click EDIT and check Use HTTPS to enable HTTPS support
Check Use HTTPS to display the Certificate and Private Key File configurations we need to upload.
Select the Certificate File and Private Key File - click save!
The Certificate and Key File must both be PEM format and not password protected.
Verify that HTTPS is working by going to your secured IguanaX instance - ie. https://localhost:7654/
Iguana will automatically restart the web server and you’ll be logged out.
If you configured a verified certificate file and private key file, you should be able to access the Iguana Dashboard using https:// and no longer using http://.
If you configured the included test cert.pem and key.pem files, the browser will notify you that your connection to this site is not secure because it’s using a self-signed certificate (not verified by a Certificate Authority)