HTTPS and SSL Certificates
When Xylok starts, it loads whatever PEM-format certificate and private key file are in /opt/xylok/certs
. These files must be called cert.crt
and key.key
, for the certificate and private key respectively. If desired, these files can be replaced by your own certificates. After replacing these certificates, restart Xylok to apply.
Default Certificates
If there is no existing cert.crt
and key.key
when it starts, Xylok generates its own local Certificate Authority (CA) certificate and a server certificate via that CA for the XYLOK_HOST
domain. If XYLOK_HOST
isn't set, it will default to xylok.local
. To change domains to something other than xylok.local
, set XYLOK_HOST
in /etc/xylok.conf
, then restart Xylok.
Browser Trust
The use of a separate CA allows for easier trusting of the Xylok certificates. To do so:
- Set a domain name entry for the Xylok host with whatever you have as
XYLOK_HOST
. a. If you have a local DNS server, use that b. Otherwise, edit the system you're accessing Xylok from's host file. The exact details vary between Windows and Linux. - Download your local installation's CA certificate: a. Go to your installation's /docs/ folder. This might be https://xylok.local/docs/ b. Click the "Xylok Certificate Authority certificate" link on that page
- Add CA certificate to the root trust store of your browser. Details vary by browser and OS:
- Open a new tab in your browser and visit your Xylok domain again. This time it should appear as trusted.
Custom Certificates
You are free to replace the certificates with custom certs if needed. To do so:
- Remove all files in
/opt/xylok/certs
- Place new certificate in PEM format at
/opt/xylok/certs/cert.crt
- Place new private key in PEM format at
/opt/xylok/certs/key.key
- Restart Xylok:
systemctl restart xylok
Old Installations
Prior to v2022.07.1, Xylok generated self-signed certificates without generating a CA certificate. If desired, you can delete the existing certificate and key files, then restart Xylok to force the new version of certificates to be generated.