Security considerations

Wazi Analyze supports only https connections while communicating with the browser. The Wazi Analyze container is configured with a self-signed certificate in order for you to get started quickly. You will get a security warning message the first time you open the Wazi Analyze UI on your browser. You need to accept the risk to continue.

If you are not using Wazi Analyze for trial or demonstration purposes, replace the self-signed certificate with a certificate that belongs to your company or yourself.

To avoid the security warning message, consider generating and using a signed certificate. You have two options to install your certificate.
  • Replacing a self-signed certificate that is provided inside the container with your certificate in the default location
  • Configuring Wazi Analyze to look for your certificate in the location that you prefer

Replacing a provided self-signed certificate with your certificate in the default location

Complete the following steps to replace a self-signed certificate that is provided inside the Wazi Analyze container with your company certificate or your own certificate.
  1. Put your key-value pairs (certificate and its corresponding key files) in the location where you mount the folder with the Wazi Analyze container.
  2. Copy both files to /home/wazi/ui/api/dist/certificates directory.
    cp /<path>/<container-shared-directory>/<certificate-file> /home/wazi/ui/api/dist/certificates/<certificate-file>
cp /<path>/<container-shared-directory>/<key-file> /home/wazi/ui/api/dist/certificates/<key-file>

Configuring Wazi Analyze to use your certificate from a different location

By default, IBM® Wazi Analyze stores the certificate and its corresponding key in the /home/wazi/ui/api/dist/certificates directory. If you would like to place your certificate in a different location, you can perform one of the methods below.

You have two methods to configure Wazi Analyze to use a certificate from a different location besides the default location.

Method 1: Adding the key-value pairs directly when running the Wazi Analyze container.
  1. Transfer your certificate and key files into the Wazi Analyze container in the location where you want to place your files.
  2. Run the Wazi Analyze container with the following command.
    docker run -it -p 5000:5000 -p 4680:4680 -e SSL_CERTIFICATE_LOCATION=<path-to-certificates> -e SSL_KEY_LOCATION=<path-to-certificates> --name <container-name> ibmcom/wazianalyze:<tag>
    Replace the following information:
    <path-to-certificates>
    Replace it with the path where you store the certificate and its corresponding key file.
    <container-name>
    Replace it with a container name of your choice.
    <tag>
    Specify the tag for the Wazi Analyze container that you want to deploy.
Method 2: Storing the key-value pairs in the configuration file.
  1. Transfer your certificate and key files into the Wazi Analyze container in the location where you want to place your files.
  2. Create a configuration file on your local machine with the following statements.
    SSL_CERTIFICATE_LOCATION=<path-to-certificates>
SSL_KEY_LOCATION=<path-to-certificates>
    Replace path-to-certificates with the path where you store the certificate and its corresponding key file.
  3. Save the file with a .cfg extension such as wa_conf.cfg.
  4. Run the Wazi Analyze container with the following command.
    docker run -it -p 5000:5000 -p 4680:4680 --env-file <path-to-config-file>/<conf-file>.cfg --name <container-name> ibmcom/wazianalyze:<tag>
    Replace the following information:
    <path-to-config-file>
    Replace it with the path where you store your configuration file on your local machine.
    <conf-file>
    Replace it with the name that you gave to your configuration file.
    <container-name>
    Replace it with a container name of your choice.
    <tag>
    Specify the tag for the Wazi Analyze container that you want to deploy.

Accepting the risk of using self-signed certification on the browser

When you load the Wazi Analyze UI for the first time on your browser, you will get a security warning message. You need to accept the risk to continue. Depending on the browser that you use, complete the following steps.
  • Firefox
    1. On the page that you get a Warning: Potential Security Risk Ahead message, click the Advanced button.
    2. Click the Accept the Risk and Continue button.
    3. Repeat step 1 and 2 on port 4680 where the Wazi Analyze API server is running.
  • Chrome
    1. On the page that you get a “Your connection is not private” message, click the Advanced button.
    2. Select Proceed link.
  • Safari
    1. On the page that you get a “This Connection Is Not Private” message, select the Show Details button.
    2. Select Visit this website link.
    3. Click the Visit Website button.
    4. Enter your credentials for your machine and select Update Settings button.