Add SSL Protection

Top  Previous  Next

Girder's webserver can encrypt the pages it sends out. To do this it needs a few files. Girder includes a tool that can generate those files for you, or you can generate them yourself.

Certificate files

To properly serve SSL pages girder needs 3 files. The CA certificate (girderca.cert), the server certificate (girder.cert) and the server key (girder.key). These need to be placed in the Girder settings directory.

 

You can get these from a proper CA authority (and pay for that privilege) -or- generate them yourself. When you generate them yourself you will create self-signed certificates and you'll have to add your own certificate to your browsers trust chain. Since you control that certificate that should be safe.

 

Generating your own

You have two options. 1 Use Girder's certgen to generate the files ( this can be done by pressing Generate SSL certificates... on the settings screen ) or options 2: manually using openssl.exe. You can find a guide here: https://enterprise.github.com/help/articles/using-self-signed-ssl-certificates

 

Since SSL certificates are tied to the hostname you must give the hostname that you will be using to access the server. If you are using Girder on your local machine only you can enter "localhost". If you need to access it from elsewhere you'll need to make sure the name in the certificate matches the name you use to access the server. ( for example http://192.168.1.23, would be hostname 192.168.1.23 )

 

Once you generated the files exit Girder and restart Girder.

 

The browser

Of course since we self-signed the certificates the browser is not going to be very impressed with this. It doesn't know about our new Certificate Authority. So let's add our certificate in. In firefox you can do this as follows:

 

Open the Options dialog , click on Advanced, then press the Certificates tab:

 

firefox_certificates1

 

Click on View Certificates, go to the authorities tab and press import

 

firefox_certificates

 

 

In import browse to your Girder settings directory ( Typically c:\users\<YOURNAME>\appData\local\Promixis\Girder 6\ ) and find girderca.cert. Import that one.

 

import_certificate

 

Make sure you check "Trust this CA to identify websites", as that is the whole point of this exercise. That's it. Now load your page and it should come up as SSL secured.