Secure Management with SSL/TLS in Machinechat JEDI
Protect your JEDI management interface and sensitive data in transit by enabling SSL/TLS encryption. This adds a crucial layer of security, especially when accessing JEDI over public or less-trusted networks.
How It Works
-
Obtain Certificates: You'll need an SSL/TLS certificate and its corresponding private key. These can be:
- Self-Signed: Suitable for testing or highly controlled internal networks.
- CA-Issued: Provides greater trust and browser compatibility, ideal for production environments.
-
Upload to JEDI:
- Navigate to Settings -> Application in JEDI's web interface.
- Locate the "Management Interface Security" section.
- Click on "Enable SSL for Management Portal" to enable.
- Click on "SSL Certificate File" field and upload the certificate file.
- Click on "SSL Key File" field and upload the private key file.
- Certificate File (.crt, .pem)
- Private Key File (.key)
* Click "UPLOAD CERTIFICATE FILES" to upload the files to the server.
- Access JEDI Securely:
- Modify the URL you use to access JEDI. Change
http://tohttps:// - Example:
https://<jedi-ip>:9123 - Your browser may initially display a warning if using a self-signed certificate.
- Modify the URL you use to access JEDI. Change
Important
Security Considerations
- Safeguard Your Key File: The private key is critical for secure communication. Restrict access to the server where JEDI is installed to protect this file.
- Certificate Renewal: For CA-issued certificates, ensure you renew them before expiry to avoid disruptions.
- Best Practices: Combine SSL/TLS with other security measures like strong passwords, firewalls, and regular JEDI updates.
Troubleshooting
- Browser Warnings: If you see persistent warnings, double-check your certificate files and ensure they match.
- Error Messages: Consult JEDI's logs (usually within the install directory) for specific errors if JEDI fails to start after enabling TLS.
Need Assistance?