Knowledgebase: Enterprise Server
SSL connections with Password Depot Enterprise Server
Posted by AceBIT GmbH on 15 January 2018 21:52

Password Depot Enterprise Server allows the installation and usage of a SSL certificate.

Warning: This installation procedure should be performed only by an experienced administrator.

Password Depot Enterprise Server supports X.509 SSL certificates in PEM and DER formats. Having a certificate allows users to validate the identity of a server before sending any confidential information. 

Before deciding to use SSL connections please consider the following:

1) SSL does not encrypt data transferred from clients to the server. These data are strongly encrypted always accordingly to the internal protocol implemented over TCP/IP.

2) For cross-platform compatibility reasons, we must use OpenSSL library which has some limitations and not recommended by Apple for using on systems iOS and macOS.

3) Using of self-signed certificates is senseless and not recommended. Only certificates signed by a well-known Certificate Authority (CA) can be used for validating of a Password Depot Enterprise Server. If you already own a web server running on HTTPS, using its SSL certificate would be an appropriate solution. Otherwise, you may need to order a new SSL certificate from one of the recognized CA.

4) If you are going to use SSL connections you must install a valid SSL certificate issued by a recognized Certificate Authority. The Enterprise Server can generate a dummy certificate to test the usage of the SSL connection if no other certificate is available but in the real situation that dummy certificate is useless as it can be easily faked by 3rd parties.

5) In the local and internal networks using of SSL is not recommended as all the data transfers between the server and clients are already strong encrypted. Using of SSL does not increase the security of data transfers significantly but allows validation of the server and helps to prevent 'Man-in-the-middle' attacks. This feature might be useful in the external networks when the clients can connect to the server from any location. 

6) If you decide to use SSL connection, make sure all your clients (Windows, Mac OS X, Android, and iOS) will use SSL! Mixed connections (partially SSL and partially standard TCP/IP) are not allowed.

7) To install an SSL certificate, you will need to enter:

  • a) The fully qualified path to the certificate file on the server.
  • b) If the above certificate contains both public and private keys, leave the field empty. If the private key is stored in a separate file, enter the full path to the private key.
  • c) Password for accessing the private key.

Restart the server to load the certificate and start SSL connections.