Documentation Center

Enabling HTTPS for Access Management running as a Linux daemon

Where Access Management is installed as Linux daemon, enable and configure HTTPS by editing the application settings file, appsettings.json.

Before you begin

This task assumes that you have a signed certificate, either issued from an certificate authority (CA) or self-signed. Regardless of the type of certificate, you must provide both the certificate and the private key in a single file, such as a .pfx file.

You can store the in either of the following locations on the server where you the installed Access Management service:

  • a root certificate store
  • a folder to which Access Management has Read permission, such as the bin\Certificates folder of the installed service

Procedure

  1. Go to the bin\ subfolder of the root folder where the Access Management service is installed.
  2. Open appsettings.json for editing.
  3. Find the section URLs section.
  4. Replace the URLs section in its entirety with a new Kestrel section according to one of the following samples, depending on how your certificate is installed:
    "Kestrel":  {
        "EndPoints":  {
     
            "HttpsInlineCertFile": {
              "Url":  "https://*:443",
                "Certificate":  {
                "Path": "/path/to/certificate.pfx",
                "Password": "tridion"
                }
            }
        }      
    }
    Where:
    • PATH is the location of the certificate on the server. For example, Certificates/domain.accessmanagement.com.pfx.
    • PASSWORD is the password that is protecting certificate file.
  5. Save and close appsettings.json.
  6. Restart the Access Management service.

Results

Access Management is now configured for a secure HTTPS connection. Note that if the configuration defines both HTTP and HTTPS endpoints, then the HTTP endpoint will be ignored and redirected to the HTTPS version.