To allow secure access to your applications with HTTPS, you need to activate SSL/TLS for the environment where the application is running.
Benefits of using HTTPS
HTTPS allows you to establish a secure communication channel between the end-user and your OutSystems environment. This way:
- The data exchanged cannot be read by an unauthorized third party, since it's encrypted;
- The data exchanged cannot be tampered with, since the message integrity is checked;
- Man-in-the-middle attacks are prevented: when the end-user accesses the application using HTTPS, the application server must present a certificate, which the end-user's browser checks to determine whether it is talking to a trusted application server or to some other server that cannot be trusted.
Moreover, when the environment is using HTTPS, the development environments and monitoring consoles use a secure connection to the environment.
Before you start
In order to install SSL/TLS certificates in your OutSystems PaaS, you need to have a valid SSL/TLS certificate and the corresponding private key. The certificate needs to be issued with the DNS name or domain you use to access the environment.
You can purchase a certificate from a Certificate Authority of your choice, or use your domain server certificate. For the latter, ask your network administrator for a certificate for each environment, or for a wildcard certificate that can be installed in all environments of your infrastructure.
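Before requesting or uploading a certificate, it helps to confirm that its DNS names cover every environment hostname, since a wildcard only stands for a single left-most label. The following check is an added example, not OutSystems code; the function names and the `example.com` hostnames are constructed for illustration, and the certificate names are assumed to have been read from the certificate's subjectAltName beforehand.

```python
# Added example: hostnames and certificate names below are constructed.

def _labels(name):
    """Normalise a DNS name: lower-case, drop a trailing dot, split into labels."""
    return name.strip().lower().rstrip(".").split(".")


def name_covers(cert_name, hostname):
    """True if one certificate DNS name covers hostname.

    A wildcard is honoured only as the complete left-most label and stands
    for exactly one label, the way browsers match names.
    """
    pattern, host = _labels(cert_name), _labels(hostname)
    if len(pattern) != len(host) or "" in host:
        return False
    if pattern[0] == "*":
        # Conservative simplification: require two fixed labels after the
        # wildcard so that a name such as "*.com" never matches.
        return len(pattern) >= 3 and pattern[1:] == host[1:]
    if "*" in cert_name:
        return False  # partial or non-left-most wildcards are rejected
    return pattern == host


def uncovered_hosts(cert_names, hostnames):
    """Return the hostnames that no certificate name covers."""
    return [h for h in hostnames
            if not any(name_covers(n, h) for n in cert_names)]


if __name__ == "__main__":
    # Constructed sample: DNS names as listed in a wildcard certificate.
    wildcard_cert = ["*.example.com"]
    environments = [
        "dev.example.com",
        "qa.example.com",
        "example.com",                # bare domain: not covered by the wildcard
        "lifetime.prod.example.com",  # two labels deep: not covered either
    ]
    missing = uncovered_hosts(wildcard_cert, environments)
    for host in environments:
        print(f"{host:28} {'NOT covered' if host in missing else 'covered'}")
```

Any hostname reported as not covered needs its own name on the certificate or a separate certificate for that environment.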
Upload Certificate and Enable SSL
Activate SSL/TLS in your environments (versions 9.1.301.0 or higher)
To activate SSL in your Environment (for versions 9.1.301.0 or higher), please follow the steps described in the Enable Custom SSL Domain In OutSystems PaaS article.
Activate SSL/TLS in your environments (versions below 9.1.301.0)
To install your certificate, navigate to the infrastructure management console at http://<yourinfrastructure>/lifetime, and:
- Click on the 'Environments' tab;
- Click on the environment for which you want to activate SSL/TLS;
- Click the 'Activate SSL/TLS' link;
- You're redirected to a new screen, where you can upload your certificate.
The certificate you upload needs to be in the .PFX format and include the Private Key. You should check with your Certificate Authority on how to obtain this file.
A support ticket is created in the Support Portal. If you need to add more information to your request, like the password of the certificate, access the Support Portal and reply to this ticket.
Enabling HTTPS redirection
Once you have activated SSL/TLS in your environment, you can configure your applications to use HTTPS. For more information on how to configure this redirection, please refer to our Documentation: Enforce HTTPS Security.