This guide shows one way to get an SSL certificate ready for ArangoDB, by exporting a certificate on a Windows server and converting to PEM format. Of course you can use any mechanism you like to generate a certificate in PEM format for use with ArangoDB
SSL provides privacy, critical security and data integrity for both your websites and your users' personal information. The principal use of SSL is to keep sensitive information sent across networks and the internet encrypted so that only the intended recipient can understand it. In addition to encryption, a proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to an imposter trying to steal your information.
Requirements
Wildcard SSL certificate in .pem format
DNS entry for ArangoDB server using domain in SSL certificate (i.e. arangodb.mydomain.com)
ArangoDB on Linux: SSL Certificate to .pem Format via "openssl"
Export the wildcard SSL certificate from a Windows server in .pfk format.
Copy the newly exported .pfk file to the ArangoDB Linux server.
Convert the .pfk file to .pem file format using OpenSSL on the ArangoDB server.
Open arangod.conf and add the ssl keyfile and protocol information under the “[server]” section of the file. (applies to arangodb 2.8 and earlier only)
Modify endpoint configuration to use SSL endpoint with DNS name.
Server Firewall Exceptions
Server Configuration: Add Firewall exceptions - Ubuntu using UFW (Uncomplicated Firewall)
Allow https or port 443:
or
Allow port 8529:
Stop ArangoDB service:
Reload Firewall to include configuration changes:
Start ArangoDB service:
Server Configuration: Add Firewall exceptions - CentOS
Server Configuration: Add Firewall exceptions – Debian 8.x using UFW (Uncomplicated Firewall)
Allow https or port 443:
Allow port 8529:
Reload Firewall:
Test configuration by visiting the ArangoDB web interfacing using the new DNS name and https protocol (i.e. https://arangodb.mydomain.com/). Connection should be secure and no issues encountered when loading.
Centro 7 WebApp, PipelineHost and PipelineManager SSL Configuration
Centro SSL Connection to ArangoDB Configuration
Edit CentroSettings.config file for Centro Web, PipelineHost and PipelineManager.
Modify "ArangoIP" value to use DNS name for the ArangoDB server.
Set ArrangoUseSSL value to “true” and ArangoIP to ArangoDB DNS hostname.
Restart CentroPipelineManager service to reload the configuration file
Centro WebApp Configuration: CentroSettings.config & Web.config
Edit CentroSettings.config.
Set ArrangoUseSSL value to “true” and ArangoIP to ArangoDB DNS hostname.
**Centro 7.4 and earlier: Edit web.config - Change httpRunTime targetFramework value from “4.5” to “4.6.1”. Not required for Centro 7.5.
Centro IIS Configuration
Centro IIS Configuration
Centro IIS & SSL Binding
Binding SSL to the Centro IIS site does not require an SSL connection to the ArangoDB from the Centro Web App, Pipeline Host or Pipeline Manager Services as outlined in the above steps.
Create an SSL binding in IIS
Add HTTPS Protocol to Centro Site and Web Application in IIS
Centro IIS Configuration: SSL Binding
Select the Centro site in the tree view and click Bindings... in the Actions pane.
Click Add... to add your new SSL binding to the site and select port and certificate. S
elect https in the Type drop-down list.
Select your certificate from the SSL Certificate drop-down list.
Click OK.
Centro IIS Configuration: Enable HTTPS on site and Web Application in IIS
Select the Centro site of parent site in the tree view.
Click Advanced Settings... in the Actions pane.
Add "https" to the "Enabled Protocols" setting separated by a comma.
Click OK.
If Centro is installed under a parent site, confirm https is enable on the web app by selection the Centro Web App in the tree view.
Click Advanced Settings... in the Actions pane.
Add "https" to the "Enabled Protocols" setting separated by a comma.