Overview¶
All communication within SEAL Operator/SEAL Print Client is TLS encrypted. In the standard installation, self-signed certificates are used for this.
Caution - security gap
Using the pre-installed self-signed certificates in a productive system is a serious security gap!
Execute the following steps in order to avoid the annoying certificate warnings in the browser and to secure the different components of SEAL Operator/SEAL Print Client.
Requirement¶
Get a TLS certificate in the PEM format with a key.pem
and a cert.pem
file.
This certificate has to contain the following entries:
-
localhost
(for local connections on a server) -
Server name of SEAL Operator
Hint - certificate authority
All TLS certificates have to be signed by the same certificate authority (CA).
Hint - other formats
For how to convert other certificate formats, refer to Convert Certificates.
Avoid the Certificate Warnings in the Browser¶
In order to avoid the annoying certificate warnings in the browser, execute the following steps:
-
For how to secure the preconfigured Keycloak from SEAL Systems as OIDC identity provider, refer to the SEAL Interfaces for OIDC documentation.
Secure the Remaining Components¶
In order to secure all components of SEAL Operator, additionally execute the following steps:
Next Step¶
Continue with: Secure the SEAL Operator Services