HTTPS and SSL/TLS configuration

HTTPS

By default, P4 DAM does not enforce HTTPS and SSL/TLS connections to your server instance. This might be acceptable for services running behind an organization's firewall, but enforcing HTTPS and SSL/TLS becomes important if the P4 DAM instance is exposed to a public network.

To enforce HTTPS:

  1. Log in to the /admin URL of the P4 DAM installation and navigate to Preferences.
  2. Under Security, select Enforce HTTPS.

    Configuring HTTPS and SSL
  3. Click Save preferences.

SSL/TLS services

If Enforce HTTPS is selected:

  • To configure the P4 DAM services to use the SSL/TLS certificates uploaded to your server, select Enable SSL services.

  • If have P4 DAM running in Enterprise mode with a load balancer, leave Enable SSL services unselected when SSL/TLS is offloaded to your load balancer. The SSL/TLS certificates must be setup on your load balancer.

To enable SSL/TLS services:

  1. Log in to the /admin URL of the P4 DAM installation and navigate to Preferences.
  2. Under Security, select Enable SSL services.

    Configuring HTTPS and SSL
  3. Upload a valid x509 certificate and private key (RSA) in PEM format, with base64-encoded content between header and footer lines.

    Instructions for generating the certificate and private key depend on the provider. For security reasons, only use a self-signed certificate for testing.

    To generate a self-signed certificate and key, you can use OpenSSL:

    openssl req -newkey rsa:2048 -new -x509 -days 730 -nodes -out hth.crt -keyout hth.key

  4. Click Save preferences.

    The certificate expiration date and the assigned domain are displayed.

Troubleshooting tips

Include all certificates to the PEM file.

A single PEM file can contain several certificates and a key. For example:

  • Public certificate
  • Intermediate Certificate
  • Root certificate
  • Private key