>

SSL certificate installation

David Stevenson -

SSL certificates for use with 4D Server v17 onwards must be in .pem format - plain text x509 using PKCS-1 encryption, so make sure to select that option during your certificate request process.  Most certificate authorities (CAs) allow selection of a server type during this process, you will very rarely see 4D Server listed so our advice is to select Apache as the server type, which is very often the default.

Once you receive your certificate file from the CA you may need to also download the root certificate and any required intermediate certificates if they are not included with your primary certificate.  The type of primary certificate you have purchased will dictate which additional certificates are required, but all root & intermediates must also be in .pem plain text format.

Once you have your primary, root and all intermediates these files need to be copied into your Synergist folder, along with the key.pem file used during the certificate request.  This is always the folder that contains your Synergist structure files.  It will not be the folder that contains your data files if these are in a separate folder.  If you are uncertain about the location of your database folder please contact support and we will advise.

4D Server will detect all required certificates on re-start and https:// connections will then be allowed via the URL secured by your new certificate.  Just re-starting the http server will NOT cause a valid certificate to be recognised, the whole 4D Server application must be restarted.

NOTE:  4D Server will attempt to read any file in the Synergist folder with a .pem file extension so it is important that this folder is kept clean of any old files from previously generated certificates.  Failure to do so will lead to the web server refusing to accept https:// connections.

NOTE 2:  The primary (domain) certificate file MUST be named cert.pem, the key file MUST be named key.pem.  Other intermediate / root certificates can have any name as long as they have a .pem file extension.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk