SSL encryption on accessing Tryton with Client

zash1958 · April 24, 2024, 3:57pm

Hi,

I have the need to encrypt the communication in the internal network between the Tryton instance (Ubuntu, no docker)

How has the file for the combined cert to be generated that Tryton will accept it?

I have here:

CA CERT of the ssl provider
intermediate CERT consisting of three Certs inside
our Cert for our domain
the key file

How have these files to be concatenated that Tryton will accept it?
Is there a logfile where I can look if the Cert throws an error in Tryton?

In my trytond.conf I have the follwing:

[ssl]
privatekey = /etc/ssl/xyz/mydomain.key
certificate = /etc/ssl/xyz/mydomain.chained.crt

TIA

Uwe

ced · April 24, 2024, 4:10pm

You can find information about werkzeug and ssl on Serving WSGI Applications — Werkzeug Documentation (3.0.x)

But using the builtin server for production is not recommended, the server is only for development purpose.
You should setup a reverse-proxy which should manage the encryption.

Also if you are using a private CA, you may need to add it to the tryton configuration.