Cloud Maker Enterprise Server (CMES) requires SSL certificates to be created for the app.yourdomain.com and api.yourdomain.com endpoints. This is to ensure that connectivity to the CMES appliance is secure and encrypted.
The following guidance covers the high-level steps for creating the SSL certificates and retrieving the certificate and private key data in PEM format.
Provisioning SSL Certificates
There are many different types of certificates and certificate authorities available for use with CMES. You may choose to procure multiple host-specific certificates for app. and api. endpoints, or instead, use a wildcard or Subject Alternative Name certificate.
The first step is to request and provision your desired SSL certificates with your chosen certificate authority. Each certificate authority will have their own process for completing this.
Converting your SSL Certificates to PEM Format
CMES requires certificate data to be supplied in PEM format. If the certificate data supplied by the CA is not in PEM format, you must first convert the certificate data into PEM format before installing the CMES appliance.
The certificate trust chain for the certificate(s) issued for your CMES appliance is likely to include at least one intermediate certificate. If there is no intermediate certificate, then instructions related to intermediate certificates can be ignored.
To convert your certificates to PEM format, do the following:
NOTE: CMES doesn't currently support password-protected private keys. Please ensure any passwords are removed before completing these steps.
Convert the SSL certificate, intermediate certificate, and private key to PEM format by running the following commands:
For an SSL certificate in DER format:
openssl x509 -inform DER -in certificate.cer -out certificate.pem
For an SSL certificate in PKCS#7 format:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem
For an SSL certificate in PKCS#12 format:
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
Combine the public parts of the certificate and intermediate certificate into a single PEM file by running the following command:
type certificate.pem intermediate.pem > combined.pem
You can now use the combined.pem file for your SSL certificate and intermediate certificate.
Please note that these instructions are for OpenSSL on Windows 11. If you are using a different operating system, the commands may be slightly different. Also, make sure to replace the file names with your actual file names.
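A pre-flight check for the files produced by the steps above, written in Python as an added example (it is not part of the CMES documentation or tooling). It flags a password-protected key, a private key that ended up in the certificate file (the PKCS#12 command above writes the key and the certificates to one output file), and UTF-16 output; the function names and the constructed sample blocks are assumptions made for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_blocks(raw):
    """Return (label, headers, der) per PEM block; text outside blocks is ignored."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        # Windows PowerShell 5.1 writes UTF-16 when '>' redirects to a file
        raise ValueError("file is UTF-16; PEM must be ASCII")
    out = []
    for label, body in PEM_BLOCK.findall(raw.decode("ascii", "replace")):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]  # e.g. Proc-Type, DEK-Info
        b64 = "".join(ln for ln in lines if ":" not in ln)
        # b64decode raises binascii.Error (a ValueError) on a damaged body
        out.append((label, headers, base64.b64decode(b64, validate=True)))
    return out

def check_combined(raw):
    """Findings for combined.pem, which should hold only the public parts."""
    blocks = pem_blocks(raw)
    certs = [der for label, _, der in blocks if label == "CERTIFICATE"]
    findings = []
    if any("PRIVATE KEY" in label for label, _, _ in blocks):
        findings.append("private key present in certificate file")
    if not certs:
        findings.append("no CERTIFICATE block")
    if any(not der.startswith(b"\x30") for der in certs):
        findings.append("certificate body is not a DER SEQUENCE")
    return findings

def check_key(raw):
    """Findings for the private key file, which must not be password-protected."""
    keys = [(lb, hd) for lb, hd, _ in pem_blocks(raw) if "PRIVATE KEY" in lb]
    findings = [] if keys else ["no private key block"]
    for label, headers in keys:
        if label.startswith("ENCRYPTED") or any("ENCRYPTED" in h for h in headers):
            findings.append("private key is password-protected")
    return findings

def sample_pem(label, headers=""):
    # Constructed placeholder block: valid PEM framing, not a real certificate or key
    body = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n".encode()

GOOD_CHAIN = sample_pem("CERTIFICATE") + sample_pem("CERTIFICATE")
PFX_DUMP = b"Bag Attributes\n" + sample_pem("PRIVATE KEY") + sample_pem("CERTIFICATE")
LEGACY_ENC_KEY = sample_pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
```

To check real files, read them in binary mode and pass the bytes in, for example check_combined(open("combined.pem", "rb").read()); an empty list means no findings.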
Using the PEM Certificate Data
Now that you have combined PEM data for your certificates and private key, you can copy and paste this into the CMES Solution Template deployment wizard in the Azure Marketplace portal during provisioning.