Hardening

In this section we will discuss on how to secure communication between Mugnsoft components using certificates.

Configure Mugnsoft’s component to talk securely

To enable secure communication between each component you need to enable https communication. To do so, in the component setting file <component>.json in the root folder of that component, you have to set the parameter https=true.

Using auto-signed certificates

Each Mugnsoft’s component has the ability to generate an auto-signed certificate at installation time. So basically it relieves you from the task of creating your own auto-signed certificate. Then, you need to copy the certificate to the client component in the following folder <component_installDir>/config/ssl/certificates/ and that’s all.

Note for all the components:

For example, let’s says you have set up a new Monitor probe with an auto-signed certificate, then you have to copy that auto-signed certificate in the Webserver component in the following folder <component_installDir>/config/ssl/certificates/. From there the “client” Mugnsoft webserver will be able to securely communicate with that Monitor probe.

Let’s assume that you have set an integrator with an auto-signed certificate, then to have all Mugnsoft component talk to each other, you have to copy that certificate on both the Webserver component and the Monitor component in the <component_installDir>/config/ssl/certificates/ folder.

Let’s now assume that you have a third party running with a certificate. For the Integrator component to communicate with that third party software, you have to copy the certificate file of the latter and paste it in the Integrator component <component_installDir>/config/ssl/certificates/ folder.

You don’t have to restart each component, you just have to make the given Mugnsoft’s component reload its certificates folder (more details on the “Reload certificates folder” paragraph). From there, all communication will be secure.

More on the communication between Mugnsoft’s components:

  • The Monitor component acts as a client for the Integrator component.
  • The Webserver component acts as a client for both the monitor component and the Integrator component.
  • The Integrator component acts as a client for third party integrated tools.

Using you own certificates

You can provide you own certificate to secure Mugnsoft’s component communication. In this case you have to place your certificate files in the following folder <component_installDir>/config/ssl/certificates/ and the private key in the <component_installDir>/config/ssl/private for the given Mugnsoft’s component.

You don’t have to restart your component, you just have to make the given Mugnsoft’s component reload its certificates folder (more details on the “Reload certificates folder” paragraph). From there your component webserver and your component’s API server will be to talk securely using https with the component that certificate belongs to.

Note for all the components:

If you set one component to use https, then all the other components should run using https as well.

The same certificate file exchange previous statements apply when using your own certificates files.

Reload certificates folder

You need to reload the component so that it can take into account new certificates put in the certificates folder. For instance if you have added a new monitor probe, then for the webserver to be able to communicate with that monitor, you need to add the monitor’s certificates in the webserver’s certificates folder and then reload that folder.

For Mugnsoft webserver

  1. For the webserver Click on the reload certificates button on the top of the page body
reload webserver certificates

For other component

  1. Select the component you want for which you want to reload the certificates folder
reload component certificates
Security Troubleshooting