Security considerations
Wazi Analyze supports only https
connections while communicating with
the browser. The Wazi Analyze container is configured with a self-signed certificate in order for
you to get started quickly. You will get a security warning message the first time you open the Wazi
Analyze UI on your browser. You need to accept the risk to continue.
If you are not using Wazi Analyze for trial or demonstration purposes, replace the self-signed certificate with a certificate that belongs to your company or yourself.
- Replacing a self-signed certificate that is provided inside the container with your certificate in the default location
- Configuring Wazi Analyze to look for your certificate in the location that you prefer
Replacing a provided self-signed certificate with your certificate in the default location
- Put your key-value pairs (certificate and its corresponding key files) in the location where you mount the folder with the Wazi Analyze container.
- Copy both files to /home/wazi/ui/api/dist/certificates
directory.
cp /<path>/<container-shared-directory>/<certificate-file> /home/wazi/ui/api/dist/certificates/<certificate-file> cp /<path>/<container-shared-directory>/<key-file> /home/wazi/ui/api/dist/certificates/<key-file>
Configuring Wazi Analyze to use your certificate from a different location
By default, IBM® Wazi Analyze stores the certificate and its corresponding key in the /home/wazi/ui/api/dist/certificates directory. If you would like to place your certificate in a different location, you can perform one of the methods below.
You have two methods to configure Wazi Analyze to use a certificate from a different location besides the default location.
- Transfer your certificate and key files into the Wazi Analyze container in the location where you want to place your files.
- Run the Wazi Analyze container with the following
command.
Replace the following information:docker run -it -p 5000:5000 -p 4680:4680 -e SSL_CERTIFICATE_LOCATION=<path-to-certificates> -e SSL_KEY_LOCATION=<path-to-certificates> --name <container-name> ibmcom/wazianalyze:<tag>
<path-to-certificates>
- Replace it with the path where you store the certificate and its corresponding key file.
<container-name>
- Replace it with a container name of your choice.
<tag>
- Specify the tag for the Wazi Analyze container that you want to deploy.
- Transfer your certificate and key files into the Wazi Analyze container in the location where you want to place your files.
- Create a configuration file on your local machine with the following
statements.
ReplaceSSL_CERTIFICATE_LOCATION=<path-to-certificates> SSL_KEY_LOCATION=<path-to-certificates>
path-to-certificates
with the path where you store the certificate and its corresponding key file. - Save the file with a
.cfg
extension such aswa_conf.cfg
. - Run the Wazi Analyze container with the following
command.
Replace the following information:docker run -it -p 5000:5000 -p 4680:4680 --env-file <path-to-config-file>/<conf-file>.cfg --name <container-name> ibmcom/wazianalyze:<tag>
<path-to-config-file>
- Replace it with the path where you store your configuration file on your local machine.
<conf-file>
- Replace it with the name that you gave to your configuration file.
<container-name>
- Replace it with a container name of your choice.
<tag>
- Specify the tag for the Wazi Analyze container that you want to deploy.
Accepting the risk of using self-signed certification on the browser
- Firefox
- On the page that you get a
Warning: Potential Security Risk Ahead
message, click the Advanced button. - Click the Accept the Risk and Continue button.
- Repeat step 1 and 2 on port 4680 where the Wazi Analyze API server is running.
- On the page that you get a
- Chrome
- On the page that you get a “Your connection is not private” message, click the Advanced button.
- Select Proceed link.
- Safari
- On the page that you get a “This Connection Is Not Private” message, select the Show Details button.
- Select Visit this website link.
- Click the Visit Website button.
- Enter your credentials for your machine and select Update Settings button.