ELMA365 On-Premises > ELMA365 Enterprise > Administering ELMA365 Enterprise / Enable network encryption (TLS) in ELMA365 Enterprise

Enable network encryption (TLS) in ELMA365 Enterprise

ELMA365 Enterprise supports Transport Layer Security (TLS) 1.2+ for incoming and outgoing traffic. To automatically switch the application to work over the secure HTTPS protocol, enable TLS encryption support.

Enabling TLS for the ELMA365 application consists of three stages:

  1. Prepare a secret with a certificate for working via HTTPS.
  2. Make changes to the configuration file.
  3. Apply TLS parameters for ELMA365 Enterprise..

Step 1: Prepare a secret with a certificate for working via HTTPS

For details, see Create a secret with a certificate for HTTPS operation.

Step 2: Make changes to the configuration file values-elma365.yaml

Начало внимание

Changes are made in the existing configuration file values-elma365.yaml, which was obtained and filled out during the installation of ELMA365. Thoughtless changes to the parameters in this file can lead to the loss of the ELMA365 application's functionality. Before making changes to the file values-elma365.yaml, it is recommended to create a backup copy of it.

Конец внимание

  1. Fill put the configuration file values-elma365.yaml to enable TLS.

To enable encryption support, specify true in the parameter global.ingress.onpremiseTls.enabled. In this parameter, specify the name of the certificate for working via https, for example, elma365-onpremise-tls. The certificate must be issued for the domain name FQDN in the parameter global.host, through which the system will be accessible, for example example.com.

global:
  ## domain (FQDN) or ip address where the system is available
  host: 'example.com'
  ingress:
  ## enable host in ingress (value taken from host)
  ## for installed s3 minio via elma365-dbs charts, specify in the minio block
  ## the value in the hosts parameter in the values-dbs.yaml file
  hostEnabled: false
  onpremiseTls:
    ## enable https
    enabled: true
    ## name of the secret with certificates for https
    secret: "elma365-onpremise-tls"

Filling in the root CA parameters for configuring trust for a custom CA certificate

Начало внимание

Before applying TLS parameters for the ELMA365 application, ensure that the S3 file storage operates over the HTTPS protocol (uses TLS encryption). Reconfigure the S3 file storage to work over the HTTPS protocol before enabling TLS support in the ELMA365 application.

Конец внимание

  1. Specify in the connection parameters that the S3 storage server uses TLS encryption. To do this, set true in the db.s3.ssl.enabled parameter.

...
db:
  ...  
  ## connections settings for S3 file storage
  s3:
    method: PUT
    accesskeyid: PZSF73JG72Ksd955JKU1HIA
    secretaccesskey: aFDkj28Jbs2JKbnvJH678MNwiz88zKjsuNBHHs
    bucket: s3elma365
    backend:
      address: example.com
      region: us-east-1
    ssl:
      enabled: "true"
...

Step 3: Apply TLS parameters for ELMA365 Enterprise

Update the ELMA365 application parameters using the values-elma365.yaml configuration file. The parameter update takes between 10 to 30 minutes. Wait for the ELMA365 Enterprise application parameters to be updated.

Начало внимание

When performing parameter updates, you need to:

  1. Determine the chart version with which the ELMA365 application was installed or updated.
  2. Use the same chart version to apply the new parameters to avoid any adverse effects on the application's operability.

Конец внимание

For online updates

  1. Determine the chart version with which the ELMA365 application was installed:

helm show chart elma365/elma365

Example of command execution:

enable-tls-enterprise-1

The version of the chart with which the ELMA365 application was installed is specified in the version line. This value must be specified for the --version flag (replace <elma365-chart-version>).

  1. Update the parameters specifying the installed version of the ELMA365 application and using the configuration file values-elma365.yaml:

helm upgrade --install elma365 elma365/elma365 -f values-elma365.yaml --version <elma365-chart-version> --timeout=30m --wait [-n namespace]

For offline updates without internet access

Navigate to the directory with the downloaded ELMA365 chart and execute the command:

helm upgrade --install elma365 ./elma365 -f values-elma365.yaml --timeout=30m --wait [-n namespace]

Found a typo? Highlight the text, press ctrl + enter and notify us