Skip to main content
Skip table of contents

SSL Configuration

Centro 7 and ArangoDB  SSL Configuration

Important Note on this Guide

This guide shows one way to get an SSL certificate ready for ArangoDB, by exporting a certificate on a Windows server and converting to PEM format.  Of course you can use any mechanism you like to generate a certificate in PEM format for use with ArangoDB

SSL provides privacy, critical security and data integrity for both your websites and your users' personal information. The principal use of SSL is to keep sensitive information sent across networks and the internet encrypted so that only the intended recipient can understand it. In addition to encryption, a proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to an imposter trying to steal your information. 

Requirements

  • Wildcard SSL certificate in .pem format

  • DNS entry for ArangoDB server using domain in SSL certificate (i.e. arangodb.mydomain.com)

ArangoDB on Linux: SSL Certificate to .pem Format via "openssl" 

  • Export the wildcard SSL certificate from a Windows server in .pfk format.

  • Copy the newly exported .pfk file to the ArangoDB Linux server.

  • Convert the .pfk file to .pem file format using OpenSSL on the ArangoDB server.

Command as root user

CODE
		openssl pkcs12 -in /home/sslcert/yourdomain.com.pfx -put /etc/arangodb/yourdomain.pem -nodes


Ubuntu Example:

 

The newly created certificate in .pem format should now exist in the /etc/arangodb directory.

 

ArangoDB 3.x on Windows Server: SSL Certificate to .pem Format via "openssl" 

  • Export the wildcard SSL certificate from a Windows server in .pfk format.

  • Copy the newly exported .pfk file to the ArangoDB Windows server.

  • Download and Install OpenSSL for Windows

  • Convert the .pfk file to .pem file format using OpenSSL on the ArangoDB server.

Download and Install OpenSSL for Windows: SSL for Windows http://gnuwin32.sourceforge.net/packages/openssl.htm

Command as administrator

CODE
		openssl pkcs12 -in C:\SW\cert\yourdomain.com.pfx -out C:\Program Files\ArangoDB3 @ROOTDIR@\etc\arangodb3\yourdomain.com.pem -nodes


Windows Example:

The newly created certificate in .pem format should now exist in the /etc/arangodb3 directory.



ArangoDB 3.x Configuration

 ArangoDB 3.x Configuration


  • Edit arangod.conf file [ssl] section with SSL configuration details and [server] section with endpoint details

  • Add firewall exceptions for port 443, 8529 and https protocol


Configure arangodb to use new ssl certificate and https endpoint

ArangoDB 3.x on Linux:arangod.conf

[ssl]
keyfile = /etc/arangodb/yourdomain.com.pem
protocol = 5


ArangoDB 3.x on Windows: arangod.conf

[ssl]
keyfile = @ROOTDIR@/etc/arangodb/yourdomain.com.pem
protocol = 5


Open arangod.conf and add the ssl keyfile and protocol information under the “[ssl]” section of the file.

If the "[ssl]" entry does not exist it should be added.

Modify endpoint configuration to use SSL endpoint with DNS name.


ArangoDB 2.8.11 Configuration

ArangoDB 2.8.11 Configuration


    • Edit arangod.conf file [server] section with SSL configuration details and endpoint details

    • Add firewall exceptions for port 443, 8529 and https protocol


Configure arangodb to use new ssl certificate and https endpoint

[server]
keyfile = /etc/arangodb/yourdomain.com.pem
ssl-protocol = 5


Open arangod.conf and add the ssl keyfile and protocol information under the “[server]” section of the file. (applies to arangodb 2.8 and earlier only)

Modify endpoint configuration to use SSL endpoint with DNS name.


Server Firewall Exceptions

 Server Configuration: Add Firewall exceptions - Ubuntu using UFW (Uncomplicated Firewall)

Allow https or port 443:

or

 

Allow port 8529:

Stop ArangoDB service:

 Reload Firewall to include configuration changes:

Start ArangoDB service:


Server Configuration: Add Firewall exceptions - CentOS

Please consult firewall documentation for firewall zone implications - http://www.firewalld.org/documentation/zone/predefined-zones.html

Allow https or port 443:

Allow port 8529:

Reload Firewall:

Server Configuration: Add Firewall exceptions – Debian 8.x using UFW (Uncomplicated Firewall)

Allow https or port 443:

Allow port 8529:

Reload Firewall:


Test configuration by visiting the ArangoDB web interfacing using the new DNS name and https protocol (i.e. https://arangodb.mydomain.com/).  Connection should be secure and no issues encountered when loading.



Centro 7 WebApp, PipelineHost and PipelineManager SSL Configuration

 Centro SSL Connection to ArangoDB Configuration


  • Edit CentroSettings.config file for Centro Web, PipelineHost and PipelineManager.

  • Modify "ArangoIP" value to use DNS name for the ArangoDB server.

Pipeline Host Configuration: CentroSettings.config

  1. Edit C:\Program Files\Actify\Centro\PipelineHostService\CentroSettings.config

  2. Set ArrangoUseSSL value to “true” and ArangoIP to ArangoDB DNS hostname.



  3. Restart CentroPipelineHost service to reload the configuration file.




Pipeline Manager Configuration: CentroSettings.config

  1. Edit C:\Program Files\Actify\Centro\PipelineManagerService\CentroSettings.config 

  2. Set ArrangoUseSSL value to “true” and ArangoIP to ArangoDB DNS hostname.



  3. Restart CentroPipelineManager service to reload the configuration file




Centro WebApp Configuration: CentroSettings.config & Web.config

  1. Edit CentroSettings.config.

  2. Set ArrangoUseSSL value to “true” and ArangoIP to ArangoDB DNS hostname.



    **Centro 7.4 and earlier: Edit web.config - Change httpRunTime targetFramework value from “4.5” to “4.6.1”.  Not required for Centro 7.5.




Centro IIS Configuration

Centro IIS Configuration


Centro IIS & SSL Binding

Binding SSL to the Centro IIS site does not require an SSL connection to the ArangoDB from the Centro Web App, Pipeline Host or Pipeline Manager Services as outlined in the above steps.

    • Create an SSL binding in IIS

    • Add HTTPS Protocol to Centro Site and Web Application in IIS

Centro IIS Configuration:  SSL Binding

  1. Select the Centro site in the tree view and click Bindings... in the Actions pane.

  2. Click Add... to add your new SSL binding to the site and select port and certificate.  S

  3. elect https in the Type drop-down list. 

  4. Select your certificate from the SSL Certificate drop-down list.

  5. Click OK.

Centro IIS Configuration:  Enable HTTPS  on site and Web Application in IIS

  1. Select the Centro site of parent site in the tree view.

  2. Click Advanced Settings... in the Actions pane. 

  3. Add "https" to the "Enabled Protocols" setting separated by a comma.

  4. Click OK.


  5. If Centro is installed under a parent site, confirm https is enable on the web app by selection the Centro Web App in the tree view.

  6. Click Advanced Settings... in the Actions pane.

  7. Add "https" to the "Enabled Protocols" setting separated by a comma.

  8. Click OK.



  9. Restart IIS to apply configuration changes.


Additional SSL Configuration Information:

Additional information on configuring IIS and SSL can be found in official Microsoft Documentation here https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis and also from your SSL Certificate Issuer.




JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.