SSL/TLS Setup¶
This guide covers SSL/TLS certificate configuration for SPSA.
Overview¶
SPSA uses SSL/TLS to secure:
- Web interface access
- User authentication
- Remote session data
By default, SPSA includes a self-signed certificate. For production, replace it with a trusted certificate.
Certificate Options¶
| Option | Use Case |
|---|---|
| Self-Signed | Testing, internal use |
| Internal CA | Enterprise environments |
| Public CA | External access |
| Let's Encrypt | Public-facing with automation |
Certificate Requirements¶
| Property | Requirement |
|---|---|
| Key Type | RSA 2048+ or ECDSA P-256+ |
| Signature | SHA-256 or higher |
| SAN | Include all access hostnames |
Installing a Certificate¶
Certificate installation is performed through the appliance management interface or console. Refer to the documentation provided with your SPSA appliance for specific steps.
Required Files¶
- Server certificate (
.crtor.pem) - Private key (
.key) - CA chain / intermediate certificates (if applicable)
Verifying Certificate¶
After installation, verify:
- Access SPSA via HTTPS
- Browser shows trusted connection (no warnings)
- Certificate details are correct
Certificate Renewal¶
Monitor certificate expiration and renew before expiry:
- Set calendar reminders
- Renew 30 days before expiration
- Test after renewal
Troubleshooting¶
| Issue | Solution |
|---|---|
| Certificate warning | Install trusted certificate |
| Certificate expired | Renew certificate |
| Chain incomplete | Include intermediate certificates |
| Name mismatch | Ensure SAN includes access hostname |