DCImanager 6
Documentation
/
DCImanager 6
/
Getting started
/
Connecting the SSL certificate

Connecting the SSL certificate

SSL certificate is a digital document that confirms the authenticity of the website and ensures the security of the user's personal data. When using an SSL certificate, data is transmitted to the server via a secure protocol. An SSL certificate consists of a public key and a private key, and may also include a chain of certificates.

If the certificate was not specified when installing the platform, a self-signed SSL certificate will be connected to the platform. When opening the platform's web interface, a warning about a possible security threat will appear in the browser. To prevent this warning from appearing, connect an SSL certificate signed by a certificate authority to the platform.

You can purchase a certificate from any certificate issuing service or get a free one from Let's Encrypt. You can get a Let's Encrypt certificate through the platform interface. The platform interacts with Let's Encrypt using the acme.sh script.

A Let's Encrypt certificate is valid for 90 days and is automatically reissued before the expiration date. If you ordered a certificate through the platform interface, the platform will automatically start the renewal process before the certificate expires.  

Managing certificates

To connect the certificate, in the right menu, click the  icon  → System overview tab:

  1. Click the Re-connect the certificate button.
  2. To connect an issued SSL certificate:
    1. Open the Add the issued SSL certificate tab.
    2. Enter an arbitrary SSL certificate Name. The certificate will be displayed in the platform interface under this name.
    3. Copy the contents of the SSL certificate public key in pem, crt, or cer format.
    4. If the certificate contains a chain, copy its contents into the SSL certificate chain field. If the chain consists of two files, enter the intermediate certificate first, and then the root certificate from a new paragraph without a space.
    5. Copy the contents of the SSL certificate Private key in key format.
    6. Click the Connect certificate button. The platform will check if the private key matches the certificate. If the check is successful, the certificate will connect to the server.
       
  3. To issue and connect a Let's Encrypt certificate:
    1. Open the Let's Encrypt tab.
    2. Enter the Domain of the server with the platform.
    3. Enter the Admin's email. Notifications about the certificate status will be sent to this address.
    4. Click the Connect certificate button. The platform will start the process of certificate obtaining.

If the certificate is successfully connected, the icon will appear in the SSL Certificate line. Some browsers require refreshing the page for this icon to appear.

If certificate issuance failed, the  icon will be displayed next to the certificate name.

If the platform fails to automatically reissue the Let's Encrypt certificate, warning banners will appear in the interface. The first banner appears two weeks before the certificate expires, the second one — after the expiration date.

To connect another certificate, click the Reconnect the сertificate link and enter the certificate details.

To view information about the connected certificate, click the link in the SSL certificate line.

Example of certificate information 

Diagnostics

Certificate issue logs are saved to the /var/log/nginxctl.log file in the dci_input_1 container on the platform server.

Useful tips

Related topics: