HTTPS Communication - Post Installation

TLS is an encryption protocol designed to ensure privacy and keep data secure when it is transferred over a network. The following steps are required to make the PD server use the TLS protocol, as older versions did not support TLS configuration.

For troubleshooting or any issues, follow the manual steps under: Process Discovery over HTTPS

Prerequisites

  • PD Server installed (version 21.05 and higher).

  • SSL Certificates - server certificate (*.crt format) + server key file (*.pem format) + CA bundle certificate (*.pem format).

The certificate file names should not contain dot characters other than the one before the extension (for example, my.cert.crt is not valid).

Configuration via ConfigureAll

To configure TLS via the configureAll command:

  1. Check that the .crt, .key, and CA bundle certificates are in the same folder.

  2. Open C:\Kryon\installer-assets\config\prod\scripts\config.prod.properties.json.

  3. Update the following parameters:

    • "NGINX_PORT": 443
    • "KEYCLOAK_HOST": "<FQDN>"
    • "KEYCLOAK_SSL": true
    • "NODEJS_CA_CERTS": "<ca bundle file name>"

      Example: "NODEJS_CA_CERTS": "ca-bundle.pem"

    • "HTTP_TYPE": "https"
    • "TLS_ENABLED": "true"
    • "CERTS_DIR": "<Path of the certificates folder>"

      Example: "CERTS_DIR": "C:\\Users\\Administrator\\Downloads\\certificateskryonaws"

    • "AEROBASE_TLS_CERT": "<certificate name>"

      Example: "AEROBASE_TLS_CERT": "certificate.crt"

    • "AEROBASE_TLS_KEY": "<certificate key>"

      Example: "AEROBASE_TLS_KEY": "Key.key"

  4. Save the file.

  5. Open CMD and run the following commands:

    CD C:\Kryon\installer-assets\config\prod\scripts
    powershell.exe -Command "C:\Kryon\installer-assets\config\prod\scripts\configureAll.ps1 -h 'C:\Kryon' -configDir 'C:\Kryon\config' -n prod -servicesDir 'C:\Kryon\PDServer\MicroServices' -utilsDir 'C:\Kryon\PDServer\Support'"

  6. In the browser address bar, use the https:// protocol to access PD's components:

    1. PD Console: https://${FQDN}/console

    2. Seq logging server: https://${FQDN}/seq

    3. Aerobase management: https://${FQDN}/auth/admin/kryon/console/#/realms/kryon
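
A pre-flight check for steps 1 to 4, added here as an example (it is not part of the product or its installer): it reads the file from step 2 and reports values that break the rules above, so it can be run before the configureAll command in step 5. It assumes the file is a flat JSON object holding the keys listed in step 3.

```powershell
# Added example: pre-flight check of the step 3 values, run before configureAll.ps1.
# Assumption: config.prod.properties.json is a flat JSON object with the step 3 keys.
param(
    [string]$ConfigPath = 'C:\Kryon\installer-assets\config\prod\scripts\config.prod.properties.json'
)

$cfg = Get-Content -Raw -LiteralPath $ConfigPath | ConvertFrom-Json
$problems = @()

# A key typed with stray whitespace ("CERTS_DIR ") is a different key than "CERTS_DIR".
foreach ($prop in $cfg.PSObject.Properties.Name) {
    if ($prop -ne $prop.Trim()) { $problems += "key '$prop' has leading or trailing whitespace" }
}

# Fixed values from step 3, compared as text because the page shows both true and "true".
$expected = [ordered]@{ NGINX_PORT = '443'; KEYCLOAK_SSL = 'true'; HTTP_TYPE = 'https'; TLS_ENABLED = 'true' }
foreach ($key in $expected.Keys) {
    if ("$($cfg.$key)" -ne $expected[$key]) { $problems += "$key is '$($cfg.$key)', expected '$($expected[$key])'" }
}

# KEYCLOAK_HOST must be the real FQDN, not the <FQDN> placeholder or a bare host name.
if ("$($cfg.KEYCLOAK_HOST)" -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
    $problems += "KEYCLOAK_HOST '$($cfg.KEYCLOAK_HOST)' is not a fully qualified host name"
}

# The three files must sit together in CERTS_DIR, with no dot except before the extension.
foreach ($key in 'NODEJS_CA_CERTS', 'AEROBASE_TLS_CERT', 'AEROBASE_TLS_KEY') {
    $name = "$($cfg.$key)"
    if (-not $name.Trim()) { $problems += "$key is not set"; continue }
    if ($name -ne $name.Trim()) { $problems += "$key value '$name' has stray whitespace" }
    if (($name.Trim() -split '\.').Count -gt 2) { $problems += "$key value '$name' has more than one dot" }
    $path = if ($cfg.CERTS_DIR) { Join-Path $cfg.CERTS_DIR ($name.Trim()) }
    if (-not $path -or -not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $problems += "$key file '$name' not found under CERTS_DIR"
        continue
    }
    if ($key -ne 'AEROBASE_TLS_CERT') { continue }
    # The server certificate must parse and be inside its validity period.
    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems += "server certificate is outside its validity period (NotAfter $($cert.NotAfter))"
        }
    } catch { $problems += "cannot parse server certificate: $($_.Exception.Message)" }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'TLS settings are consistent; continue with step 5.'
```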

Configuration of a Key Certificate with Password

If the key certificate has a password, you can configure the PD server to use your certificate after the above TLS configuration.

To configure a key certificate:

  1. Create a .txt file with the password phrase and save it under: C:\Kryon\IDP\Aerobase\Configuration\ssl\<fileName>.txt.

  2. Go to C:\Kryon\IDP\Aerobase\Data\nginx\conf and find these files:

    • aerobase-http.conf

    • aerobase-subdomains.conf

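  3. In these files, next to the ssl_certificate parameters that were automatically generated during the TLS configuration above, add the ssl_password_file parameter with the path of the file created in step 1 (password.txt in this example):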

    ssl_password_file C:/Kryon/IDP/Aerobase/Configuration/ssl/password.txt;