Using Custom Certificates
When running OttoFMS in environments that use custom or self-signed certificates, you'll need to configure your system to trust these certificates. The setup process varies depending on your operating system.
Windows and Linux
On Windows and Linux systems, you need to:
- Create a file containing your root certificates (typically with a
.pemor.crtextension) - Set the
NODE_EXTRA_CA_CERTSenvironment variable to point to this file using a .env file
macOS
On macOS, you'll need to add the certificates directly to the system keychain:
- Open the "Keychain Access" application
- Select "System" from the keychains list on the left
- Drag and drop your certificate file into the certificate list
- Double-click the imported certificate
- Expand the "Trust" section
- Set "When using this certificate" to "Always Trust"
- Close the certificate window (you may be prompted for your administrator password)
Verifying the Setup
After setting up the certificates, restart OttoFMS for the changes to take effect. You can verify the setup by checking if OttoFMS can successfully connect to your services that use these certificates.
Common Issues
- Make sure the certificate file is readable by the user running OttoFMS
- On Windows/Linux, verify the path in
NODE_EXTRA_CA_CERTSis correct and absolute - On macOS, ensure you've added the certificates to the System keychain, not the login keychain
- Remember to restart OttoFMS after making certificate changes
Troubleshooting
If you encounter issues, Windows and Linux servers will log errors to the otto-error.log file. If you are still not seeing anything, turn on debug logging and check the logs.
All rights reserved.