Curator 101: Updated Setup of SSL/TLS Certificates for HTTPS

Matthew Orr
Curator Engineer
March 2, 2022


This post updates a previous blog post about SSL/TLS certificates to reflect the most current capabilities and UI of Curator.

If your Curator portal is available to the World Wide Web, we highly recommend setting up encryption for the connection between your users and Curator itself. It’s like having a luxury Italian sports car but leaving the doors unlocked in a seedy area with the keys in plain view—something is bound to be stolen. Even if Curator is tucked behind a nice firewall, setting up an encrypted connection isn’t a bad idea.

Determining Where to Terminate Encryption

One thing to consider: if your Curator portal sits behind a network device such as a reverse proxy or load balancer, you may need to terminate the encrypted connection there instead of on Curator itself (see the documentation for configuring Curator behind proxies). The other option is to configure that network device to pass encrypted traffic through to Curator untouched, so that Curator is the one that terminates the SSL/TLS connection.

If the encrypted connection is not terminated on a load balancer or reverse proxy, you will need to set up SSL/TLS on the Curator server. To do so, you’ll need an SSL/TLS certificate file and a private key file. These are usually generated by your own IT department. Be sure the certificate includes Subject Alternative Names when it is generated.
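
Before uploading the files, it is worth confirming that the certificate really lists your portal's hostname as a Subject Alternative Name and that the private key belongs to it. The script below is an added example, not taken from the Curator documentation; the function names, file names and the demo hostname are assumptions, and it expects the openssl command line tool, version 1.1.1 or later.

```shell
#!/bin/sh
# Pre-upload checks for a certificate/key pair (added example; names are hypothetical).

# san_covers HOST CERT: succeed if CERT lists HOST as a DNS Subject Alternative Name.
# Exact match only; wildcard entries such as *.example.com are not expanded.
san_covers() {
    openssl x509 -in "$2" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -Fxq "DNS:$1"
}

# key_matches_cert CERT KEY: succeed if both files carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_pair HOST CERT KEY: run both checks and print one line for each.
check_pair() {
    rc=0
    if san_covers "$1" "$2"; then echo "ok: SAN lists $1"
    else echo "FAIL: no SAN entry for $1"; rc=1; fi
    if key_matches_cert "$2" "$3"; then echo "ok: key matches certificate"
    else echo "FAIL: key does not match certificate"; rc=1; fi
    return $rc
}

# make_demo_pair DIR HOST: constructed sample input. Writes a throwaway
# self-signed pair for HOST so the checks can be tried offline.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/demo.key" -out "$1/demo.crt" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" >/dev/null 2>&1
}

# Demo run against the constructed pair; replace the paths with your own files.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_demo_pair "$tmp" your.curator.portal
check_pair your.curator.portal "$tmp/demo.crt" "$tmp/demo.key"
```

A failed key check usually means the key file belongs to a different certificate request, which Apache would otherwise only report when the service is restarted.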

Configuring Linux-based Curator Instances

This is a broad outline to give you an idea of what will need to take place. The online documentation has the detailed instructions on how to carry out each of these steps:

  • Ensure Apache’s SSL/TLS module (mod_ssl) is installed and enabled.
  • Upload your SSL/TLS certificates and key to the Curator server.
  • Add or modify the Apache configuration for port 443 to use those certificates and key.
  • Restart the Apache web service and test the HTTPS version of your Curator link (e.g. https://your.curator.portal/) in a browser.
  • If needed, configure Curator to force all the links it generates to use the HTTPS protocol.

Configuring Microsoft Windows-based Curator Instances

Please note that these steps are specific to Windows servers using the Apache HTTPD web server. Contact us if you need help configuring IIS to support SSL/TLS.

Here is a broad outline of what will need to take place. Again, the online documentation contains the detailed instructions on how to perform each of these steps:

  • Upload your SSL/TLS certificates and key to the Curator server.
  • Modify the existing Apache configuration for port 443 to use those certificates and key.
  • Restart the Apache web service and test the HTTPS version of your Curator link (e.g. https://your.curator.portal/) in a browser.
  • If needed, configure Curator to force all the links it generates to use the HTTPS protocol.