Overview ???? Für aktuelles Produkt umarbeiten ????

---

All communication within SEAL Print Client is TLS encrypted. In the standard installation, self-signed certificates are used for this.

Caution - security gap

Using the pre-installed self-signed certificates in a productive system is a serious security gap!

Execute the following steps in order to avoid the annoying certificate warnings in the browser and to secure the different components of SEAL Print Client.

---

Requirement

Get a TLS certificate in the PEM format with a key.pem, a cert.pem and a ca.pem file and as Java keystore for Keycloak. The private key for Keycloak may be protected by password.

This certificate has to contain the following entries:

- `localhost` (for local connections on a server)

- <SEAL_Print_Client_server_name>

Hint - certificate authority

All TLS certificates have to be signed by the same certificate authority (CA).

Hint - other formats

For how to convert other certificate formats, refer to Convert Certificates.

---

Avoid the Certificate Warnings in the Browser

In order to avoid the annoying certificate warnings in the browser, execute the following steps:

• Secure the SEAL Print Client Services

• Secure Keycloak

---

Secure the Remaining Components

In order to secure all components of SEAL Print Client, additionally execute the following steps:

• Secure Consul

• Secure MongoDB

---

Next Step

Continue with: Secure the SEAL Print Client Services

---