How to add an SSL certificate?
Learn how to setup SSL certificate using certbot or another SSL certificate
Prerequisites
All prerequisites required for RevDeBug Server installation
Server must have Domain Name System (DNS) set up
Ports 80 and 443 must be opened on firewall
Stop RevDeBug Server if it is running
To generate Let’s Encrypt SSL certificate execute command below:
To minimize the impact of erroneously issued certificates, the Let's Encrypt license expires every three months - you can use another SSL certificate
Remember that the certificate file should contain the full certificate chain and be in a PEM format - more on how to create this type of file here
After executing above docker command you’ll need to provide answers to the following:
How would you like to authenticate with the ACME CA?
Select: Spin up a temporary webserver (standalone)
If you are doing this for the first time then you will need to provide your contact email and accept the terms and conditions.
Please enter the domain name(s) you would like on your certificate (comma and/or space separated)
You must specify the fully qualified server name (DNS), for example: revdebug.company.com
After the certificate generation was successful you should see a message similar to the one below:
After generating the certificate, work with the files:
Change directory
Copy the fullchain.pem and privkey.pem key to a pre-selected location of your choice (default path is
/var/revdebug/cert
) Commands to copy the files:
Files must have the same name with the correct extension
Table with description of the most important environment variables in .env for adding SSL certificates
REVDEBUG_CERTIFICATE_PATH
Location of ssl certificates files
e.g.: /var/revdebug/cert
REVDEBUG_CERTIFICATE_NAME
Name of the .crt and .key files in the certificate directory
e.g.: yourCert
To change the default path where the certificates are located, you must also change the
REVDEBUG_CERTIFICATE_PATH
setting in the .env file.Remember to set the correct value of the
REVDEBUG_SERVER_NAME
variable in the .env file.
After enabling the options in the .env file, start RevDeBug Server and access its HTTPS address to verify the changes work.
The private key cannot be password protected.
Certificates from a certification center, if used internally, must reside in /var/revdebug/ca/ as separate .crt files for each root and intermediate certification center that signed the RevDeBug server certificate.
If you are using Kubernetes Monitoring in RevDeBug then you need to switch the insecure=true
parameter in the OTEL configuration file to insecure=false
.
Enabling the use of SSL on the applications side:
C#
Compiler
Set <RevDeBugForceTLS>true</RevDeBugForceTLS>
in Directory.Build.props for example:
Agent APM
Set "ForceTLS": true
in skyapm.json for example:
You would need to recompile/rebuild your application after those changes.
Java
Compiler
Set AforceTLS=true
in pom.xml for example:
Agent APM
agent.force_tls
set to true
if your RevDeBug DevOps Monitor instance has been configured to work with an SSL certificate.
You would need to recompile/rebuild your application after those changes.
JavaScript
Set "secure": true
in revdebug.json for example:
You would need to recompile/rebuild your application after those changes.
Python
Set force_tls = 1
in revdebug.cfg for example:
Last updated