HTTPS and SSL/TLS configuration
HTTPS
By default, P4 DAM does not enforce HTTPS and SSL/TLS connections to your server instance. This may be acceptable for services running behind an organization's firewall, but enforcing HTTPS and SSL/TLS is recommended if the P4 DAM instance is exposed to a public network.
To enforce HTTPS:
- Log in to the /admin URL of the P4 DAM installation and navigate to Preferences.
- Under Security, select Enforce HTTPS.
- Click Save preferences.
SSL/TLS services
If Enforce HTTPS is selected:
- To configure the P4 DAM services to use the SSL/TLS certificates uploaded to your server, select Enable SSL services.
- If you have P4 DAM running in Enterprise mode with a load balancer and SSL/TLS is offloaded to the load balancer, leave Enable SSL services unselected. The SSL/TLS certificates must be set up on your load balancer.
To enable SSL/TLS services:
- Log in to the /admin URL of the P4 DAM installation and navigate to Preferences.
- Under Security, select Enable SSL services.
- Upload a valid x509 certificate and private key (RSA) in PEM format, with base64-encoded content between header and footer lines.
  Instructions for generating the certificate and private key depend on the provider. For security reasons, we recommend that you only use a self-signed certificate for testing.
  To generate a self-signed certificate and key, you can use OpenSSL:
  openssl req -newkey rsa:2048 -new -x509 -days 730 -nodes -out hth.crt -keyout hth.key
- Click Save preferences.
The certificate expiration date and the assigned domain are displayed.
Troubleshooting tips
Include all certificates in the PEM file.
A single PEM file can contain a number of certificates and a key. For example:
- Public certificate
- Intermediate Certificate
- Root certificate
- Private key
Include all of the certificates in the PEM file, but not the private key. Otherwise, Git clients may receive the following error messages when doing operations against repositories:
https://helixteamhub.com/hth/projects/platform/repositories/git/insufficient-ssl-cert/': SSL certificate problem: unable to get local issuer certificate
or
error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing.
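One way to check a certificate bundle against the tip above before uploading it, as an added example that is not part of the P4 DAM documentation or product: it flags any private key in the file and confirms that each certificate is followed by its issuer, ending in a self-signed root. It compares issuer and subject names byte for byte and does not verify signatures or expiry; `check_bundle`, `fake_cert` and the sample names are hypothetical, and the sample certificates are constructed stand-ins.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    pos = _tlv(der, _tlv(der, 0)[1])[1]  # enter Certificate, then tbsCertificate
    fields = []  # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:  # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_bundle(pem_text):
    """List problems in a bundle expected as leaf, intermediate(s), root."""
    blocks = PEM_RE.findall(pem_text)
    problems = []
    if any("PRIVATE KEY" in kind for kind, _ in blocks):
        problems.append("bundle contains a private key")
    certs = [issuer_subject(base64.b64decode(b)) for k, b in blocks if k == "CERTIFICATE"]
    for i in range(len(certs) - 1):
        if certs[i][0] != certs[i + 1][1]:  # issuer must equal the next subject
            problems.append(f"certificate {i} is not followed by its issuer")
    if not certs or certs[-1][0] != certs[-1][1]:
        problems.append("bundle does not end in a self-signed root")
    return problems

def _der(tag, *parts):  # short-form lengths only (bodies under 128 bytes)
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def fake_cert(issuer, subject):
    """Constructed stand-in: X.509 field layout only, no key or signature."""
    tbs = _der(0x30, _der(0xA0, b"\x02\x01\x02"), b"\x02\x01\x01", _der(0x30),
               _der(0x30, issuer.encode()), _der(0x30), _der(0x30, subject.encode()))
    b64 = base64.b64encode(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed sample chain; all names are made up.
LEAF = fake_cert("Example Intermediate", "dam.example.test")
INTERMEDIATE = fake_cert("Example Root", "Example Intermediate")
ROOT = fake_cert("Example Root", "Example Root")
```

For a real file, call `check_bundle(open(path).read())`; an empty list means the bundle has the expected order and no key.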