By default, the Authentication Server runs with HTTPS enabled, using a self-signed certificate that is created by Teamwork Cloud installer. To change HTTPS settings please edit Authentication Server configuration file ./config/authserver.properties and change related parameters. After the Authentication Server configuration is updated, the service must be restarted. See the HTTPS/SSL parameters description in the section Advance authentication server configuration parameters.
By default, the Authentication Server uses a self-signed certificate that is created by Teamwork Cloud installer. This means that web browsers will warn users about untrusted server certificate when they first access the Authentication Server. When users choose to trust server certificate, the warning message disappears.
For production environments it is highly recommended to use a certificate signed by trusted certificate authorities (CA). The following steps should be done to generate a keystore file providing that you already have a private key and certificate signed by trusted CA.
When executing the openssl command you will be asked for a keystore password. Please read the instructions carefully and provide all required information.
To generate a keystore file
Create a PKCS 12 file with the OpenSSL tool.
openssl pkcs12 -export -in server.crt -inkey server.key -certfile server.crt -out keystore.p12
|
If the Authentication Server is deployed on a cluster, all service instances should use the same keystore. When using an automatically created keystore with a self-signed certificate, just copy the keystore file from one instance to all the other ones.