Enabling HTTPS

If HTTPS is used, the TLS/SSL certificate and key are needed. Kronodoc software contains a test certificate, which should not be used in production because the certificate authority that has issued the test certificate is not publicly acknowledged.

The TLS/SSL certificate required is a x.509 certificate for Apache/mod_ssl, which should be signed by a party that is a trusted certificate authority in the browsers used to access Kronodoc Kronodoc. The so-called ‘Super certificate’ or ‘Global server ID’ allow for older browsers to use strong encryption. By default Kronodoc requires strong encryption on TLS/SSL connections.

Usage of weak encryption can be technically allowed in Kronodoc configuration, but is strongly discouraged because weak encryption is easily cracked.

Certificate can be installed at the same time with Kronodoc or later. If the TLS/SSL key has a password, the Kronodoc cannot be automatically started since the password has to be entered each time Kronodoc web server is started. Thus the server should be secured and the server key should be readable by root user only.