Applies to: OutSystems installed on-premises. For instructions on enabling a custom SSL Domain in OutSystems PaaS, check this topic in the Support Knowledge Base.
This topic describes how to activate SSL/TLS for an environment, allowing users to access your applications using HTTPS.
In this example the Operations team activates SSL/TLS for the Production environment, so that end-users can access applications using HTTPS.
Benefits of Using HTTPS
HTTPS allows you to establish a secure communication channel between the end-user and your OutSystems environment. This way:
- The data exchanged cannot be read by an unauthorized third-party, since it's encrypted;
- The data exchanged cannot be tampered with, since the message integrity is checked;
- Man-in-the-middle attacks are prevented: when the end-user accesses the application using HTTPS, the application server is required to present a certificate, which the end-user's browser checks to determine whether it is talking to a trusted application server or to some other server that cannot be trusted.
Moreover, when the environment is using HTTPS, the development environments and monitoring consoles use a secure connection to the environment.
Develop Applications Using HTTPS
In this example, some applications require exchanging sensitive information between the client and the server, like usernames, passwords, or credit card information. To ensure this information is not made available to third-parties, the development teams already implemented the applications to ensure that this information is transferred over HTTPS. Learn how to implement applications using HTTPS.
Before deploying the applications to the Production environment, you need to make sure it has SSL/TLS active, otherwise these parts of the application will simply not work: they require HTTPS but it is not active.
Acquire an SSL Certificate
For users to access applications using HTTPS, the application server needs to have a valid certificate. For this, you need to acquire a certificate for your domain.
To acquire a valid certificate you need to:
- Create a DNS entry that points to your Production environment. To do this, create a CNAME record with your DNS provider that points directly to your Production environment load balancer.
- Purchase an SSL certificate from a Certificate Authority.
Once you have acquired a certificate for your domain, go to the 'Environments' screen, click the Production environment and in the environment details, under 'Security', choose 'Activate SSL/TLS'.
You can then upload the certificate and click 'Upload and Activate Service'. The certificate you upload needs to be in the .PFX format and include the Private Key. You should check with your Certificate Authority on how to obtain this file. If the certificate has a password, you should also include it in the upload, or wait to be contacted by an OutSystems Support Engineer.
An OutSystems Support Engineer then installs the certificate in the environment and your Production environment changes to signal that you have a secure connection configured. After this, your end-users can start accessing the applications using HTTPS.
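Before uploading, you can check locally that the .PFX file meets the requirements above: it opens with the password you intend to supply, it includes the private key, and its certificate is still valid and issued for the environment's domain. The shell functions below are an added example, not OutSystems tooling; they assume the `openssl` command-line tool is installed, and the host name `apps.example.com`, the password `demo` and the file names are constructed sample values.

```bash
# Pre-upload checks for a .PFX bundle (added example, not OutSystems tooling).
# Requires the openssl command-line tool.

# Run "openssl pkcs12" on a bundle. The password is handed over through the
# environment so that it does not show up in the process list.
_p12() {
  local pfx="$1" pw="$2"; shift 2
  PFX_PW="$pw" openssl pkcs12 -in "$pfx" -passin env:PFX_PW "$@" 2>/dev/null
}

# check_pfx <file.pfx> <password> <hostname>
# Returns 0 if usable, 2 unreadable, 3 no private key, 4 expired, 5 wrong host.
check_pfx() {
  local pfx="$1" pw="$2" host="$3" cert
  _p12 "$pfx" "$pw" -noout ||
    { echo "FAIL: cannot open bundle (wrong password or not PKCS#12)"; return 2; }
  # The decrypted key is only piped into grep, never written to disk.
  _p12 "$pfx" "$pw" -nocerts -nodes | grep -q 'PRIVATE KEY' ||
    { echo "FAIL: bundle does not include the private key"; return 3; }
  # -clcerts selects the certificate that belongs to that key (the leaf).
  cert=$(_p12 "$pfx" "$pw" -nokeys -clcerts | openssl x509 2>/dev/null) ||
    { echo "FAIL: no certificate paired with the private key"; return 2; }
  printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null ||
    { echo "FAIL: certificate has expired"; return 4; }
  # -checkhost reports its verdict as text, so match on the message.
  printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$host" |
    grep -q 'does match' ||
    { echo "FAIL: certificate does not cover $host"; return 5; }
  echo "OK: $pfx can be uploaded for $host"
}

# Constructed sample input: a throwaway self-signed bundle for apps.example.com
# (password "demo") plus a copy of the certificate without its key.
make_demo_pfx() {
  local dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=apps.example.com" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -passout pass:demo -out "$dir/good.pfx" &&
  openssl pkcs12 -export -nokeys -in "$dir/cert.pem" \
    -passout pass:demo -out "$dir/nokey.pfx"
}
```

A self-signed demo certificate passes these checks; whether browsers trust the issuing Certificate Authority is a separate question that this function does not test.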
Test Your Applications
If you are using HTTPS in parts of your applications, you should activate SSL/TLS in all environments. This will allow you to test the applications closer to the way end-users are going to use them.
For this, acquire a certificate for each environment and follow the instructions presented above.