SSL Certificate Requirements for Curator Arrival

Updated on December 8th, 2022

SSL Certificate Requirements for Curator Arrival (and 3.1)

Requirements

With Curator Arrival and beyond, there is a new requirement for SSL certificates for the domain that Curator is running on. At the time of writing (Curator Arrival release, August 2020), this applies specifically to the following servers within the Curator System installation:

  • The Server on which Curator Server is installed (to secure API calls to/from Curator Server).
  • The Web Server on which the Curator Gateway web application (specifically and others) is installed (to secure user credential passthrough).

The certificates must be installed prior to the system installation. They must also be trusted between the two servers in question (CS Server and IIS Server). If Process Engine is installed on a server which isn't the CS Server or IIS Server, that server should also include the certificates from both within its trusted root folder.

The certificates should match the FQDNs (Fully Qualified Domain Names) of the servers that are going to be used in the configuration of Curator System (specified above). However, we are able to work with certificates from a domain which is not that of the server where our services are installed. In this instance, we would need to reference the server as if it were on the same domain as the certificate, and we find that a corresponding DNS entry is needed to reference the server from elsewhere in the network.

It is preferable that the certificates are installed in the Root folder as well as the Personal folder of the Certificate Store on the server(s) in question.
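
A pre-installation check for the requirements above, written as an added example (it is not Curator's own tooling). It assumes Windows PowerShell with the built-in PKI module on the server being checked; the FQDN default is a constructed placeholder for the name that will be used in the Curator configuration.

```powershell
# Added example: certificate pre-check for one server (CS Server or IIS Server).
# $Fqdn is an assumption: the server name that will be entered in the Curator configuration.
param(
    [string]$Fqdn = 'curator01.example.internal'   # constructed placeholder
)

$now = Get-Date

# Candidate server certificates in the machine's Personal store:
# must have a private key and be inside their validity period.
$candidates = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now }

$report = foreach ($cert in $candidates) {
    # Full validation under the SSL policy: the chain must be trusted on this
    # machine and the certificate must cover $Fqdn.
    $trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $Fqdn `
        -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

    # Same check with an untrusted root allowed, to tell "wrong name"
    # apart from "issuer not trusted on this server".
    $nameOk = Test-Certificate -Cert $cert -Policy SSL -DNSName $Fqdn -AllowUntrustedRoot `
        -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

    [pscustomobject]@{
        Thumbprint  = $cert.Thumbprint
        Subject     = $cert.Subject
        NotAfter    = $cert.NotAfter
        CoversFqdn  = [bool]$nameOk
        Trusted     = [bool]$trusted
        SelfSigned  = ($cert.Subject -eq $cert.Issuer)
        # The article prefers the certificate in Root as well as Personal.
        InRootStore = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    }
}

$report | Format-Table -AutoSize
if (-not ($report | Where-Object { $_.CoversFqdn -and $_.Trusted })) {
    Write-Warning "No valid, trusted certificate for $Fqdn in LocalMachine\My."
}
```

Run it on each server with the other server's FQDN-matching certificate already imported; a row with `CoversFqdn` true but `Trusted` false points to a missing issuer in that machine's trusted root folder.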

Self Signed Certificates (can I use them with Curator?)

A certificate signed by a trusted Certificate Authority (CA) ensures that the certificate holder is really who they claim to be. Without a trusted signed certificate, your data may be encrypted, but the party you are communicating with may not be who you think. A self-signed certificate should nevertheless work, provided it is installed on the client machine. Note that this applies only to the Web Applications (Clip Link, Clip Select, Logger); self-signed certificates do not work where Curator Connect is involved.

Where no outbound access is required, an environment is air-gapped, or no directory services are available, a self-signed certificate is appropriate. In such an environment, the certificate should be installed as a trusted certificate on any system accessing the Curator system, to avoid any untrusted certificate alerts that cause access issues either from a web browser, or embedded HTML renderer, such as Adobe's panel rendering engine.

With this in mind, we wouldn't recommend using Self Signed Certificates for anything other than an air-gapped system.
