Step 1: Obtain a signed certificate
The first step in securing communications using SSL is to obtain a signed certificate.
Two options are available for obtaining a signed certificate:
- Use a commercial root certificate authority (CA) such as Comodo, DigiCert, etc. This option can be more expensive but the process is simpler. Also, the client applications will trust these certificates without requiring additional configuration.
- Be your own root CA. This option is free but requires additional work and configuration.
- textml_cert_privatekey.pem: Private key generated when doing the certificate signing request. You will need to install this key on the TEXTML Server (in Step 2: Configure the TEXTML Server to use the Certificate).
- textml_signed_cert.pem: Signed CA certificate for the TEXTML Server. You will need to install this signed certificate on the TEXTML Server (in Step 2: Configure the TEXTML Server to use the Certificate).
- textml_root_cert.pem: CA root certificate of the TEXTML Server. You will need to install the certificate on the DITA CMS clients (in Step 3: Configure the DITA CMS components to use the SSL certificate). Applies to self-signed certificates only.
The following diagram shows the files that get generated by each procedure and where they need to be installed: