admin:server_installation_3

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
admin:server_installation_3 [2023/07/24 11:01] – [Installing mSupply Client] Ujwal Khatryadmin:server_installation_3 [2023/08/02 00:31] (current) – [SSL Certificate] Mark Glover
Line 176: Line 176:
 === Configure cache === === Configure cache ===
  
-**Edit** > **Database Settings** > **User settings for Data file**+**Edit** > **Settings** > **User settings for Data file**
  
 {{ :admin:user_settings_-_edit.png?800 |}} {{ :admin:user_settings_-_edit.png?800 |}}
Line 277: Line 277:
  
 ==== SSL Certificate ==== ==== SSL Certificate ====
-The mSupply server also has a webserver as mentioned here :+The mSupply server also has a webserver as mentioned [[web_interface:using_the_web_server#msupply_web_server|here.]]
  
-It is recommended that a public facing web server should have an SSL certificate installed. For the mSupply server a 'cert.pem'  and 'key.pem' need to be generated using the purchased SSL certificate that has been purchased from a SSL vendor. +It is recommended that a public facing web server should have an SSL certificate installed. For the mSupply server a 'cert.pem'  and 'key.pem' need to be generated using the SSL certificate that has been purchased from a SSL vendor. 
  
 Theses files needs to be stored inside the folder C:\Program Files\mSupply\mSupply Server\Server Database  as shown in the image below.  Theses files needs to be stored inside the folder C:\Program Files\mSupply\mSupply Server\Server Database  as shown in the image below. 
Line 285: Line 285:
 {{ :admin:msupply_server_ssl_2023-07-24-t16-22.png?400 |}} {{ :admin:msupply_server_ssl_2023-07-24-t16-22.png?400 |}}
  
- +The cert.pem file contains the certificate in the following format and can have the root as well as the intermediate certificate.
  
 +<code>
 +-----BEGIN CERTIFICATE-----
 +MIIGUzCCBTugAwIBAgIRAP9nsdfsfdsdfYH0oEZgg3k28WUoYQgQwDQYJKoZIhvc
 +gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
 +BgNVBAcTB1NhbGZvcassdsdmQxGDAWBgNVBAoTsdfsD1NlY3RpZ28gTGltaXRlZD
 +AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
 +QTAeFw0yMzA2MTYwMDAwMdsadsdDBaFw0yNDA2MTUyMzU5NTlaMCExHzAdBgNVB
 +Junk
 +-----END CERTIFICATE-----
  
 +-----BEGIN CERTIFICATE-----
 +MIIGEzdddhuyuyuyuCCA/ugAwIBAasdasdgIQfVtRJrR2uhHbdBYLvFMNpzANBg
 +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
 +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
 +BAMTJVVTRVJUcnVzdCBSU0EgQsdsd2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhc
 +MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
 +Junk
 +-----END CERTIFICATE-----
 +</code>
 +
 +The the key.pem file contains 
 +
 +<code>
 +-----BEGIN PRIVATE KEY-----
 +MIIEvAIBADANBgkasasdfqhkiG9w0BhgghAQEFAASCBKYwggSiAgEAAoIBAQCqPA
 +TZB5GnFAODhHMTU+pqGD8eS6NOzWwhoyb2dvZv1w2Gh6fcprPUpATltvcMe8q+fe
 ++ITiYylKfcs2nNYyirr2sdfsdfSPGMKR277MW6G7etFCGjBH/Ae9gRcFk4z8Arnj
 +e9oRf/UChO21bHjN9itHGIT/7ssp068EufJ+thAdDxzp3xNw70lkAXMxzsZhSJ8k
 +CTvUxUF6Niul/1ZReUURCZp6coIweewerRhoLe6KXpgfuuIqtpvyOs2AcGRI6qfx
 +iC20nTBKweefzPg4Uo9d6DdhQD7xdklD1SXlcTgEXpa0Cc/iUGthXWvyWyff5uB
 +junk==
 +-----END PRIVATE KEY-----
 +</code>
 +
 +More recently we have moved towards using Caddy server software which setup a reverse proxy server which use Let's Encrypt to automatically update SSL certificates. This will avoid the need to manually watch and update expiring SSL 
 ==== Installing mSupply Client ==== ==== Installing mSupply Client ====
 Needed:  mSupply Client software of the same version (or relatively recent) as the mSupply Server. Needed:  mSupply Client software of the same version (or relatively recent) as the mSupply Server.
  • Last modified: 2023/07/24 11:01
  • by Ujwal Khatry