Configuring an SSL certificate

If you want to use an SSL certificate when running KaDeck on your local machine, you need to create a volume containing the keystore of your certificate and configure KaDeck to use the keystore.

If you already have a keystore with your certificate, you can skip the following section and read the section at the bottom of this page, "Configuring the KaDeck docker container".

Creating a self-signed certificate and keystore

To generate a self-signed SSL certificate using the keytool command on Windows, Mac, or Linux: 

1. Open a command prompt or terminal

2. Run this command

   keytool -genkey -keyalg RSA -alias kadeckweb -keystore selfsigned.jks -validity <days> -keysize 2048
   

   Where <days> indicate the number of days for which the certificate will be valid.

3. Enter a password for the keystore. Note this password as you require this for configuring the server
4. When prompted for a first name and the last name, enter the domain name of the server. For example, localhost.
5. Enter the other details, such as Organizational Unit, Organization, City, State, and Country
6. Confirm that the information entered is correct
7. Run this command to verify the contents of the keystore

   keytool -list -v -keystore selfsigned.jks
   

8. When prompted, enter the keystore password note in Step 3. The basic information about the generated certificate is displayed. Verify that the "Owner" and "Issuer" are the same. Also, you should see the information you provided in Step 4 and 5

Configuring the KaDeck docker container

Once you have a valid keystore containing your certificate, you need to mount the keystore file to the Docker container and configure KaDeck to use the keystore:

docker run -d --network host --name=kadeckweb -e xeotek_kadeck_secret="<secret>" -e xeotek_kadeck_teamid="<teamid>" -e xeotek_kadeck_port=443 -e xeotek_kadeck_keystore_path="/opt/xeotek/selfsigned.jks" -e xeotek_kadeck_keystore_pass="<your_keystore_pass>" -e xeotek_kadeck_keystore_alias="<your_keystore_alias>" -v "<absolutepath_to_jks_file>":"/opt/xeotek/selfsigned.jks" --rm xeotek/kadeckweb

Note that we are now using xeotek_kadeck_port 443, which is the default port for https. 

Replace the placeholders accordingly:

<your_keystore_pass>

Replace this by the password for your keystore.

<your_keystore_alias>

Replace this by the alias name of the keystore.

<absolutepath_to_jks_file>

Replace this by the absolute path to the keystore on your system.

Also, don't forget to replace the <teamid> and <secret> with the values from your welcome mail.

Example values

Example values, if you have created the keystore as mentioned in the section "Creating a self-signed certificate and keystore" above:

<your_keystore_pass>

The password of step 3.

<your_keystore_alias>

"kadeckweb"

<absolutepath_to_jks_file>

"/my/path/to/file/selfsigned.jks"

Logging in

Navigate to https://localhost:443 with your browser and log in with your user name and password (default: admin/admin).