TLS Configuration Post Installation

TLS is an encryption protocol designed to ensure privacy and keep data secure when being transferred over a network. The following steps are required to ensure that the Process Discovery server uses TLS protocol, as older versions did not support TLS configuration.

Prerequisites

• Installed Process Discovery server.

• SSL Certificates - server certificate (*.crt format) + server key file (*.pem format) + CA bundle certificate (*.pem format).

  The certificate file names should not contain dot characters e.g. my.cert.crt.

Configuration via the System Manager

To enable TLS post installation, use the silent installation instructions (CLI). There is no need to uninstall the previous version. Simply rerun the System Manager installation and adjust the config.json and secrets.zip files as required.

Configuration of a key certificate ​with​​ password

If the key certificate has a password, you can configure the Process Discovery server to use your certificate after the above TLS configuration.

To configure a key certificate:

1. Create a .txt file with the password phrase and save it under: ​C:\Nintex\IDP\Aerobase\Configuration\ssl\<fileName>.txt​​.

2. Go to ​C:\Nintex\IDP\Aerobase\Data\nginx\conf​​ and find these files:

   • aerobase-http.conf

   • aerobase-subdomains.conf

3. Where the other ssl_certificate parameters were automatically generated during the TLS configuration above, add the ssl_password_file:

   ssl_certificate C:/Nintex/IDP/Aerobase/Configuration/ssl/certificate.crt

   ssl_password_file C:/Nintex/IDP/Aerobase/Configuration/ssl/password.txt

   ssl_certificate_key C:/Nintex/IDP/Aerobase/Configuration/ssl/Key.key

​​​​