Self-signed certificates

You require an SSL configuration to integrate IBM Process Mining and IBM Task Mining.

In a production environment, you must use an official SSL certificate that is obtained from a certificate authority (CA). For local and test environments, you can install a self-signed certificate. You can then add the self-signed certificate that you created to the NGINX configuration.

This topic describes how to create a sample self-signed certificate and configure the system to use the certificate in a local or test environment. You can use multiple methods to create self-signed certificates. This topic explains one of the methods.

Important: For security reasons, it is recommended to use HTTPS.

For demonstration purposes, the instruction steps include the following sample domains:

  • IBM Process Mining

    pm.processmining

  • IBM Task Mining

    tm.processmining

If the DNS for your domain is not available, you must add a record to the local hosts file as indicated in the following example:

  192.168.0.10 pm.processmining tm.processmining

You can locate the hosts file at the following locations:
  1. For Mac and Linux®

    /etc/hosts

  2. For Windows operating systems

    C:\Windows\System32\drivers\etc\hosts

Creating certificates

You can use the following steps to create a certificate:

  1. Create and open a directory.
          /home/pm/cert
    
  2. Generate a CA private key. When you are prompted for a password, this sample uses changeit.
          openssl genrsa -des3 -out rootCA.key 2048
    
    Note: This CA is common for IBM Process Mining and IBM Task Mining. It is also valid for NGINX.
  3. Generate the CA certificate.
          openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
    
  4. Create the new file, v3.ext, and then copy the following contents to the file.
          authorityKeyIdentifier=keyid,issuer
          basicConstraints=CA:FALSE
          keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
          subjectAltName = @alt_names
          [alt_names]
          DNS.1 = pm.processmining
          DNS.2 = tm.processmining
    
  5. Update the domain names in the v3.ext file to match your installation.

  6. Create the certificate. You must install the certificate on both NGINX servers.

          openssl req -new -nodes -out server.csr -newkey rsa:2048 -keyout server.key
          openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
          cat server.crt server.key > server.pem

You must ensure that the current directory includes the following files:

    server.key
    server.crt
    rootCA.pem

You need these files to complete the installation.
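
Before you copy the files to NGINX, you can confirm that they belong together. The following script is an added example and not part of the product documentation: it checks that server.crt chains to rootCA.pem, that server.key matches server.crt, and that each host name is covered by the certificate. The function names check_cert_set and make_sample_set are hypothetical, and make_sample_set builds a constructed throwaway certificate set without a password so that the checks can be tried offline.

```shell
#!/bin/sh
# Added example: sanity checks for the files that the steps above produce.
# Function names are hypothetical; the file names follow this topic.

# check_cert_set DIR NAME... : returns 0 only if every check passes.
check_cert_set() {
    dir=$1; shift; rc=0
    # 1. server.crt must chain to the root CA.
    if ! openssl verify -CAfile "$dir/rootCA.pem" "$dir/server.crt" >/dev/null 2>&1; then
        echo "FAIL: server.crt is not signed by rootCA.pem"; rc=1
    fi
    # 2. server.key must be the private key for server.crt (compare public keys).
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null || true)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: server.key does not match server.crt"; rc=1
    fi
    # 3. Every host name must be covered by the certificate (subjectAltName).
    for name in "$@"; do
        if ! openssl x509 -in "$dir/server.crt" -noout -checkhost "$name" 2>/dev/null \
             | grep -q "does match certificate"; then
            echo "FAIL: $name is not covered by server.crt"; rc=1
        fi
    done
    return "$rc"
}

# make_sample_set DIR : constructed throwaway CA and server certificate for
# pm.processmining and tm.processmining, created without prompts or password.
make_sample_set() {
    ( cd "$1" || exit 1
      printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:pm.processmining,DNS:tm.processmining\n' > v3.ext
      openssl req -x509 -newkey rsa:2048 -nodes -keyout rootCA.key -out rootCA.pem \
          -subj "/CN=Sample Test CA" -days 2 -sha256 &&
      openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
          -subj "/CN=pm.processmining" &&
      openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key \
          -CAcreateserial -out server.crt -days 1 -sha256 -extfile v3.ext
    ) >/dev/null 2>&1
}

# Usage: sh check.sh /home/pm/cert pm.processmining tm.processmining
if [ "$#" -gt 0 ]; then check_cert_set "$@"; fi
```

A failed host name check usually means that the v3.ext file was not updated with the domain names of the installation before the certificate was signed.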