Obtaining a certificate for your enterprise or personal test environment is a requirement of the installation software, when self-hosting Identity Panel. You do not need a certificate for SaaS, since since SaaS is already hosted on port 443 with a certificate. Having a certificate for self-hosting is required by SoftwareIDM as a best practice, and checking that a certificate is validated is performed by the installation software. Additionally, when installing Identity Panel in production, a proper certificate must be installed, with a recognized public or internal CA. When installing Identity Panel into a test, dev, or PoC environment, you have the following options for obtaining a certificate, and still meet our recommended policy.
- Obtain a cert from a public CA (most like prod, but there’s the registration cost, and may have difficulties if not using a real domain name (e.g. dev.local)
- Add the CA role to a Dev domain controller (easy to manage over time since auto-renewal works and computer trust is automatic, but will give security warnings in Chrome)
- Create a self-signed cert (has to be imported and trusted on each VM/env connecting to the site, needs to be redone whenever cert expires)
- We can provide a CA wild-card cert for a test domain (requires creating a DNS zone or host entries to internally route our domain name to the dev Identity Panel)
A proper test configuration with a configured certificate is best approach to having a success production go-live. We recommend that your test environments closely match production to validate your installation and use of Identity Panel.
Please sign in to leave a comment.