Overview

---

All communication within SEAL Operator is TLS encrypted. In the standard installation, self-signed certificates are used for this.

Caution - security gap

Using the pre-installed self-signed certificates in a productive system is a serious security gap!

Execute the following steps to secure the different components of SEAL Operator and avoid certificate warnings in the browser.

---

Requirements

Get a TLS certificate in PEM format with a key.pem and a cert.pem file.

This certificate has to contain the following entries:

• localhost (for local connections on a server)

• Server name of SEAL Operator

Hint - certificate authority

All TLS certificates have to be signed by the same certificate authority (CA).

Hint - other formats

For how to convert other certificate formats, refer to Convert Certificates.

---

Secure SEAL Operator

In order to secure SEAL Operator, execute the following steps:

• Secure the Services

• For how to secure the preconfigured Keycloak from SEAL Systems as OIDC identity provider, refer to the SEAL Interfaces for OIDC documentation.

• Secure Consul

• Change the Token for Encrypting the Credentials

Hint - secure MongoDB and SEAL NATS

For how to secure MongoDB in general, refer to the SEAL-specific MongoDB documentation.

For how to secure SEAL NATS, refer to the SEAL NATS documentation.

---

Next Step

Continue with: Secure the SEAL Operator Services

---