Overview¶
All communication within SEAL Operator is TLS encrypted. In the standard installation, self-signed certificates are used for this.
Caution - security gap
Using the pre-installed self-signed certificates in a productive system is a serious security gap!
Execute the following steps to secure the different components of SEAL Operator and avoid certificate warnings in the browser.
Requirements¶
Get a TLS certificate in PEM format with a key.pem
and a cert.pem
file.
This certificate has to contain the following entries:
-
localhost
(for local connections on a server) -
Server name of SEAL Operator
Hint - certificate authority
All TLS certificates have to be signed by the same certificate authority (CA).
Hint - other formats
For how to convert other certificate formats, refer to Convert Certificates.
Secure SEAL Operator¶
In order to secure SEAL Operator, execute the following steps:
-
For how to secure the preconfigured Keycloak from SEAL Systems as OIDC identity provider, refer to the SEAL Interfaces for OIDC documentation.
Hint - secure MongoDB
For how to secure MongoDB in general, refer to the SEAL-specific MongoDB documentation.
Next Step¶
Continue with: Secure the SEAL Operator Services