SSL Configuration
In this article we describe how you can provide a SSL certificate to our software if you aren't using an external web proxy.
Correct certificate format
Our server only support certificates in .pem format. Please ensure that you generate the certificates in the correct format.
You have to keep certain file names so that our software detects your certificate correctly:
For your certificate file: server.crt.pem (If you got an intermediate certificate by your CA you have to ensure, that both certificates are inside this file)
For your private key file: server.key.pem
Certificate trust chain
To create a certificate trust chain please consult the following documentations:
- https://www.digicert.com/kb/ssl-support/pem-ssl-creation.htm
- https://sectigo.com/knowledge-base/detail/Creating-a-pem-File-for-SSL-Certificate-Installations/kA03l00000117PV
Please make sure that the certificate chain is present in the following order and can be converted into a .pem file afterwards:
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: intermediate.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
Updating from v11
When you update your system you have to delete all files inside the subdirectory ssl inside your server maintenance folder. Additionally please remove the following configuration entry of your PowerFolder.config file: ssl.passwordobf=
After doing this please continue at First installation.
First installation
If you are installing PowerFolder you have to create a subdirectory named ssl within your server maintenance folder and place the certificate files within.
Then you need to restart your server. The software will detect our certificate and key file and use those for your ssl connections. It generates a keystore file within your ssl directory. It is very important, that you never delete this file. Else your ssl connection can't get established correctly.
Renewing your certificates
Renewing your certificate is very easy.
Just login as admin in web and navigate inside your server maintenance folder within your ssl directory.
Replace your private key and certificate file with the new ones and restart your service.