By default, {ProjectName} uses a self-signed SSL certificate to enable encrypted communications between {ProjectServer}, external {SmartProxyServers}, and all hosts. If you cannot use a {Project} self-signed certificate, you can configure {ProjectServer} to use an SSL certificate signed by an external certificate authority (CA).
When you configure {ProjectName} with custom SSL certificates, you must fulfill the following requirements:
-
You must use the privacy-enhanced mail (PEM) encoding for the SSL certificates.
-
You must not use the same SSL certificate for both {ProjectServer} and {SmartProxyServer}.
-
The same CA must sign certificates for {ProjectServer} and {SmartProxyServer}.
-
An SSL certificate must not also be a CA certificate.
-
An SSL certificate must include a subject alt name (SAN) entry that matches the common name (CN).
-
An SSL certificate must be allowed for Key Encipherment using a Key Usage extension.
-
An SSL certificate must not have a shortname as the CN.
-
You must not set a passphrase for the private key.
To configure your {ProjectServer} with a custom certificate, complete the following procedures:
-
[Deploying_a_Custom_SSL_Certificate_to_Server_{project-context}]
-
[deploying-a-custom-ssl-certificate-to-hosts_{project-context}]
-
If you have external {SmartProxyServers} registered to {ProjectServer}, configure them with custom SSL certificates. For more information, see {InstallingSmartProxyDocURL}configuring-capsule-custom-server-certificate_{smart-proxy-context}[Configuring {SmartProxyServer} with a Custom SSL Certificate] in {InstallingSmartProxyDocTitle}.