Cloud Maker Enterprise Server (CMES) requires SSL certificates to be created for the app.yourdomain.com and api.yourdomain.com endpoints. This is to ensure that connectivity to the CMES appliance is secure and encrypted.

The following guidance covers the high levels steps for creating the SSL certificates and retrieving the certificate and private key data in PEM format.

There are many different types of certificates and certificate authorities available for use with CMES. You may choose to procure multiple host-specific certificates for app. and api. endpoints, or instead, use a wildcard or Subject Alternative Name certificate.

The first step is to request and provision your desired SSL certificates with your chosen certificate authority. Each certificate authority will have their own process for completing this.

CMES requires certificate data to be supplied in PEM format. If the certificate data supplied by the CA is not in PEM format, you must first convert the certificate data into PEM format before installing the CMES appliance.

The certificate trust chain for the certificate(s) issued for your CMES appliance is likely to include at least one intermediate certificate. If there is no intermediate certificate, then instructions related to intermediate certificates can be ignored.

To convert your certificates to PEM format, do the following:

NOTE: CMES doesn't currently support password-protected private keys. Please ensure any passwords are removed before completing these steps.

Please note that these instructions are for OpenSSL on Windows 11. If you are using a different operating system, the commands may be slightly different. Also, Make sure to replace the file name with your actual file name.

Now that you have combined PEM data for your certificates and private key. You can copy and paste this into the CMES Solution Template deployment wizard in the Azure Marketplace portal during provisioning.