Overview
All communication within SEAL Operator/SEAL Print Client is TLS encrypted. In the standard installation, self-signed certificates are used for this.
Caution - security gap
Using the pre-installed self-signed certificates in a production system is a serious security gap!
Execute the following steps in order to avoid the annoying certificate warnings in the browser and to secure the different components of SEAL Operator/SEAL Print Client.
Requirement
Get a TLS certificate in the PEM format with a key.pem and a cert.pem file.
This certificate has to contain the following entries:
- localhost (for local connections on a server)
- Server name of SEAL Operator
Hint - certificate authority
All TLS certificates have to be signed by the same certificate authority (CA).
Hint - other formats
For how to convert other certificate formats, refer to Convert Certificates.
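The requirements above can be checked before the files are installed. The following script is an added example, not part of the SEAL Systems documentation or tooling: it verifies that cert.pem covers localhost and the server name, that key.pem belongs to it, and that it is not self-signed. The function names, the script name and the host name operator.example.internal are assumptions, as are OpenSSL 1.1.1 or later and an unencrypted private key.

```bash
#!/usr/bin/env bash
# Added example (not SEAL Systems code): pre-flight check for cert.pem/key.pem.
# Assumes OpenSSL 1.1.1 or later and an unencrypted private key.

# True if the certificate is valid for host name $2.
cert_matches_host() {  # $1 = certificate file, $2 = host name
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# True if the private key $2 belongs to the certificate $1.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# True if subject and issuer are identical, which is the case for the
# self-signed certificates the page warns about (heuristic, not a chain check).
is_self_issued() {
  local subj iss
  subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
  iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 1
  [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# Runs all checks; prints one line per failed requirement, returns 1 on any.
check_seal_cert() {  # $1 = cert.pem, $2 = key.pem, $3 = SEAL Operator server name
  local name rc=0
  if ! openssl x509 -in "$1" -noout 2>/dev/null; then
    echo "FAIL: $1 is not a PEM certificate"; return 1
  fi
  for name in localhost "$3"; do
    cert_matches_host "$1" "$name" || { echo "FAIL: no entry for $name"; rc=1; }
  done
  key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
  if is_self_issued "$1"; then
    echo "FAIL: $1 is self-signed"; rc=1
  fi
  return "$rc"
}

# Example call: ./check_seal_cert.sh cert.pem key.pem operator.example.internal
if [ "$#" -eq 3 ]; then
  check_seal_cert "$@"
fi
```

The script does not verify the chain up to the CA. Where the CA certificate is available, `openssl verify -CAfile ca.pem cert.pem` covers that.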
Avoid the Certificate Warnings in the Browser
In order to avoid the annoying certificate warnings in the browser, execute the following steps:
- For how to secure the preconfigured Keycloak from SEAL Systems as OIDC identity provider, refer to the SEAL Interfaces for OIDC documentation.
Secure the Remaining Components
In order to secure all components of SEAL Operator, additionally execute the following steps:
Hint - secure MongoDB
For how to secure MongoDB in general, refer to the SEAL-specific MongoDB documentation.
Next Step
Continue with: Secure the SEAL Operator Services