HTTPS configuration

The application uses NGINX proxy to deliver HTTP requests from the browsers to the backend services. This proxy is responsible for SSL termination too.

To configure HTTPS, you need SSL certificates for Process Intelligence. You can choose one of the following options:

Use an SSL certificate issued by the Certification Authority (CA).
This is the recommended approach for the application installation that is intended for a production environment. The connection to the server will be secure and users will not get any warnings from the browser.
Use a self-signed SSL certificate.
If you do not have a signed certificate or if you only require a certificate for testing purposes, use a self-signed SSL certificate. However, in this case users will get warnings from the web browser about the use of a self-signed certificate as the server will not be considered secure.

Self-signed certificates are not recommended in production environments.

If you install the program in a Production environment, it is strongly recommended to use HTTPS and not HTTP.

To configure HTTPS:

Obtain an SSL certificate and a private key.
Run the Process Intelligence installation and follow the steps in the installation wizard. For more information, see Install Process Intelligence.
1. To enable SSL between instances of the PostgreSQL database and application provide path to your database SSL certificate at the Database Connection step. If your PostgreSQL is configured using SSL, provide path to your SSL CA root certificate.
2. To enable SSL between the application and client, specifythe HTTPS port and Base URL for the HTTPS port at the Web Server step.
After the Process Intelligence installation process is complete, do the following:
1. Find the ssl.conf.tpl and ssl.conf files in the $TIMELINE_INSTALLATION_DIR/nginx folder and rename the ssl.conf.tpl file to ssl.conf.
2. Copy your SSL certificate and private key files to the $TIMELINE_INSTALLATION_DIR/nginx folder.
  1. If your private key and certificate files are not named cert.key and cert.pem, respectively, you should change the ssl_certificate and ssl_certificate_key entries in ssl.conf accordingly.
  2. If you have a password file for the SSL key, uncomment the line #ssl_password_file $TIMELINE_INSTALLATION_DIR_DIR/nginx/conf/pass.file; in ssl.conf. If necessary, change the path to the folder you specified during the installation process.
  3. If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same cert.pem file in the following order: the primary certificate comes first, then the intermediate certificates.
3. Open .env file and check the following environment variables:
  1. PROXY_SSL_PORT
    
    Make sure the HTTPS port you want to use is specified in the PROXY_SSL_PORT variable.
    
    Example: PROXY_SSL_PORT=443
  2. BASE_URL
    
    Make sure the HTTPS protocol is specified in the BASE_URL variable.
    
    Example: BASE_URL=https://mytimeline.com
  3. DB_SSL
    
    If your remote PostgreSQL is configured with SSL support without root certificate make sure you certificate is in the specified folder.
  4. DB_SSL=./db-ssl
    
    If your remote PostgreSQL is configured with SSL support and a CA Root certificate file used, make sure a path to the root certificate file is specified in this variable.
Restart the Process Intelligence application to apply all the changes:

systemctl restart timeline
Perform a health check.

	Click here to see the documentation for all Blue Prism products.
© 2024 Blue Prism Limited \| Last updated on 26 Jan 2024