HINT: Since version 15.2.x, the Enterprise Server only works with certificates in PEM format. The server now uses OpenSSL 1.1.1.j with TLS 1.3. We have implemented automatic conversion of your installed PFX or CRT certificates to PEM format, which may require an additional restart of the Password Depot Server after the first run. If the server still cannot load the SSL certificate after the restart, you have to convert your existing certificate to PEM format manually. Please click here for detailed instructions.
Password Depot Enterprise Server allows you to install and use an SSL certificate.
WARNING: Installation should be performed by an experienced administrator only.
Password Depot Enterprise Server supports X.509 SSL certificates in PEM and DER format. With a certificate, users can verify the identity of a server before sending confidential information to it.
Before you decide to use SSL connections, please note the following points:
1) SSL does not encrypt data transmitted from clients to the server. This data is always strongly encrypted by the internal protocol implemented via TCP/IP.
2) For cross-platform compatibility, we need to use the OpenSSL library, which has some limitations and is not recommended by Apple for use on systems such as iOS and macOS.
3) The use of self-signed certificates is pointless and is not recommended. Only certificates signed by a known CA can be used to validate a Password Depot Enterprise Server. If you already have a Web server that runs on HTTPS, using its SSL certificate is a suitable solution. Otherwise, you may need to order a new SSL Certificate from one of the recognised Certificate Authorities.
4) To use SSL connections, you must install a valid SSL Certificate issued by a recognized Certificate Authority. The Enterprise Server can generate a dummy certificate to test the use of the SSL connection if no other certificate is available. In practice, however, the dummy certificate is useless because it can easily be falsified by third parties.
5) The use of SSL is not recommended in local and internal networks, as all data transfers between the server and the clients are already strongly encrypted. The use of SSL does not significantly increase the security of data transmission, but allows server validation and helps prevent man-in-the-middle (MITM) attacks. This feature can be useful in external networks when clients can connect to the server from anywhere.
6) If you choose an SSL connection, please make sure that all your clients (Windows, Mac OS X, Android and iOS) use SSL! Mixed connections (partly SSL and partly standard TCP/IP) are not allowed.
7) To install an SSL certificate, you must enter the following:
- The fully qualified path to the certificate file on the server.
- The private key file. If the above certificate file contains both the public and private keys, leave this field blank. If the private key is stored in a separate file, specify the full path to the private key.
- Password for access to the private key.
Restart the server to load the certificate and start SSL connections.
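
A pre-flight check for the file you are about to enter in step 7, as an added example that is not part of Password Depot or its documentation: it detects whether the file is PEM, a DER certificate or a PFX container, and reports whether the private key field should be left blank and whether a key password is needed. The function names, the result keys and the sample data are assumptions made for this illustration, and the format detection is a heuristic based on the first bytes of the file.

```python
import re
import ssl

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def sniff_format(data: bytes) -> str:
    """Classify a file as 'pem', 'der-cert', 'pfx' or 'unknown' (heuristic)."""
    if b"-----BEGIN " in data:
        return "pem"
    if len(data) < 8 or data[0] != 0x30:          # DER/BER files start with a SEQUENCE
        return "unknown"
    # Skip the outer length: short form, indefinite (0x80) or long form (0x81 and up).
    off = 2 + ((data[1] & 0x7F) if data[1] > 0x80 else 0)
    if data[off:off + 1] == b"\x30":              # X.509: tbsCertificate SEQUENCE
        return "der-cert"
    if data[off:off + 3] == b"\x02\x01\x03":      # PKCS#12 (PFX): INTEGER version 3
        return "pfx"
    return "unknown"

def installation_plan(data: bytes) -> dict:
    """Map a file's contents to the three inputs asked for in step 7."""
    plan = {"format": sniff_format(data), "pem_cert_found": False,
            "key_field": None, "needs_password": False}
    if plan["format"] != "pem":
        plan["action"] = "convert to PEM first"
        return plan
    for label, body in PEM_BLOCK.findall(data.decode("ascii", "replace")):
        if label == "CERTIFICATE":
            plan["pem_cert_found"] = True
        elif label.endswith("PRIVATE KEY"):
            plan["key_field"] = "leave blank"     # key travels with the certificate
            # PKCS#8 encrypted label, or a traditional key with an encryption header
            if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
                plan["needs_password"] = True
    if plan["pem_cert_found"] and plan["key_field"] is None:
        plan["key_field"] = "path to separate key file"
    plan["action"] = "install" if plan["pem_cert_found"] else "no certificate found"
    return plan

def der_cert_to_pem(data: bytes) -> str:
    """Re-encode one DER certificate as PEM text (no validation is performed)."""
    return ssl.DER_cert_to_PEM_cert(data)

# Constructed sample: placeholder base64 bodies, not a real certificate or key.
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
              b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
              b"-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(installation_plan(SAMPLE_PEM))
```

The check only reads PEM labels and leading bytes; it does not verify that the key matches the certificate or that the certificate chains to a recognised CA.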