Nebula Certificates
The Nebula System includes several certification processes, with six used internally for secure communication and tunneling, and two dedicated to securing applications and websites. This document will focus on the latter.
xcware Certificates
The xcware certification service is available on all Sky Nodes and can be managed through the Sky Node Certificates dialog, which provides the option to create xcware-certified certificates.
xcware Certificates are issued by the xcware authority. When these certificates are used, any device connecting with them must install an authority certificate into the device's Trusted Root Certificates store. This option is primarily used for private networks, such as LANs or edge devices, which should not access the public Internet. You can download the xcware Authority Certificate from here.
We have outlined a straightforward scenario for implementing a xcware certificate:
- Ensure you have set up a Name Server for "myapp.local" (or your chosen domain), pointing to the private IP address of the Sky Node from which you want to serve the application or website.
- Use the Sky Node Certificates dialog to generate a certificate for "myapp.local," for example.
- Now, you can set up a Load Balancer using Application Traffic protocols HTTPS->HTTP or HTTPS->HTTPS to secure your solution.
Let's Encrypt Certificates
The Let's Encrypt certification service is available on all Sky Nodes and can be managed through the Sky Node Certificates dialog, which provides the option to create Let's Encrypt-certified certificates. Let's Encrypt is a free, automated, and open certificate authority that provides digital certificates to enable HTTPS (SSL/TLS) for applications and websites, ensuring secure communication over the internet. For more information about the Let's Encrypt service, please refer to the documentation at https://letsencrypt.org/docs/.
To create Let's Encrypt certificates, the following conditions must be met:
- The Let's Encrypt Authority must be accessible via a public IP.
- The Let's Encrypt Authority must be able to verify ownership of your domain.
We have outlined two scenarios that illustrate the Let's Encrypt certification process:
- Sky Node is a cloud instance with a public IP address:
  - For the domain name "domain.com" for which you want to generate a certificate, ensure that its A record points to the public IP address of the Sky Node.
  - Use the Sky Node Certificates dialog to generate a certificate for your "domain.com".
  - Now, you can set up a Load Balancer using Application Traffic protocols HTTPS->HTTP or HTTPS->HTTPS to secure your solution.
- Sky Node is a bare metal machine without a public IP address:
  - First, set up an Access Gate in the DMZ and configure Network Address Translation (NAT) to assign a public IP address to the Access Gate, ensuring that ports 443/TCP and 80/TCP are open.
  - Next, create an Access Gate rule that directs traffic to the private IP address of the Sky Node, for example:
    444->10.1.0.1:443
  - For the domain name "domain.com" for which you want to generate a certificate, ensure that its A record points to the public IP address of the Access Gate.
  - Use the Sky Node Certificates dialog to generate a certificate for your "domain.com".
  - Now, you can set up a Load Balancer using Application Traffic protocols HTTPS->HTTP or HTTPS->HTTPS to secure your solution.
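A preflight check for the two Let's Encrypt scenarios above, added here as an example; it is not part of the Nebula documentation or product. The function names are hypothetical, and `expected_ip` is assumed to be the public IP of the Sky Node (first scenario) or of the Access Gate (second scenario).

```python
import ipaddress
import socket

# RFC 1918 ranges: addresses a public certificate authority can never reach.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_a(domain):
    """Return the set of IPv4 addresses behind the domain's A records."""
    infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def port_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(domain, expected_ip, ports=(80, 443),
              resolver=resolve_a, probe=port_open):
    """Return a list of problems; an empty list means the prerequisites look met."""
    try:
        addrs = set(resolver(domain))
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"{domain}: DNS lookup failed ({exc})"]
    problems = []
    if expected_ip not in addrs:
        problems.append(f"{domain}: no A record for {expected_ip} (got {sorted(addrs)})")
    # Any other record is a risk: validation may be sent to the wrong address.
    for addr in sorted(addrs - {expected_ip}):
        private = any(ipaddress.ip_address(addr) in net for net in RFC1918)
        kind = "private (RFC 1918)" if private else "unexpected"
        problems.append(f"{domain}: {kind} A record {addr}")
    for port in ports:
        if not probe(expected_ip, port):
            problems.append(f"{expected_ip}: port {port}/TCP is not reachable")
    return problems

if __name__ == "__main__":
    import sys
    # Usage: python preflight.py domain.com <public IP of Sky Node or Access Gate>
    issues = preflight(sys.argv[1], sys.argv[2])
    print("\n".join(issues) or "prerequisites look met")
    sys.exit(1 if issues else 0)
```

Run it from a host outside your own network so that the port probe reflects what the certificate authority sees rather than a path that bypasses the NAT.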