Nebula Certificates

Nebula Certificates


The Nebula System includes several certification processes, with six used internally for secure communication and tunneling, and two dedicated to securing applications and websites. This document will focus on the latter.


xcware Certificates


The xcware certification service is available on all Sky Node and can be managed through the Sky Node Certificates dialog, which provides the option to create xcware certified certificates.

xcware Certificates are issued by the xcware authority. When these certificates are used, any device connecting with them must install an authority certificate into the device's Trusted Root Certificates store. This option is primarily used for private networks, such as LANs or edge devices, which should not access the public Internet. You can download the xcware Authority Certificate from here.

We have outlined a straightforward scenario for implementing a xcware certificate:

  1. Ensure you have set up a Name Server for "myapp.local" (or your chosen domain), pointing to the private IP address of the Sky Node from which you want to serve the application or website.

  2. Use the Sky Node Certificates dialog to generate a certificate for "myapp.local," for example.

  3. Now, you can set up a Load Balancer using Application Traffic protocols HTTPS->HTTP or HTTPS->HTTPS to secure your solution.


Let's Encrypt Certificates


The Let's Encrypt certification service is available on all Sky Node and can be managed through the Sky Node Certificates dialog, which provides the option to create Let's Encrypt certified certificates. Let's Encrypt is a free, automated, and open certificate authority that provides digital certificates to enable HTTPS (SSL/TLS) for applications and websites, ensuring secure communication over the internet. For more information about the Let's Encrypt service, please refer to the document at https://letsencrypt.org/docs/.

To create Let's Encrypt certificates, the following conditions must be met:

  • The Let's Encrypt Authority must be accessible via a public IP.

  • The Let's Encrypt Authority must be able to verify ownership of your domain.
This can be challenging if your Sky Node lacks a public IP. In such cases, you can use an Access Gate in the DMZ and a Load Balancer service to create a pathway to the application or website on the Sky Node.

We have outlined two scenarios that illustrate the Let's Encrypt certification process:

  • Sky Node is a cloud instance with a public IP address:

    1. For the domain name "domain.com" for which you want to generate a certificate, ensure that its A record points to the public IP address of the Sky Node.

    2. Use the Sky Node Certificates dialog to generate a certificate for your "domain.com".

    3. Now, you can set up a Load Balancer using Application Traffic protocols HTTPS->HTTP or HTTPS->HTTPS to secure your solution.

  • Sky Node is a bare metal machine without a public IP address.:

    1. First, set up an Access Gate in the DMZ and configure Network Address Translation (NAT) to assign a public IP address to the Access Gate, ensuring that port 443/TCP and 80/TCP are open.

    2. Next, create an Access Gate rule that directs traffic to the private IP address of the Sky Node, for example:
      444->10.1.0.1:443

    3. For the domain name "domain.com" for which you want to generate a certificate, ensure that its A record points to the public IP address of the Access Gate.

    4. Use the Sky Node Certificates dialog to generate a certificate for your "domain.com".

    5. Now, you can set up a Load Balancer using Application Traffic protocols HTTPS->HTTP or HTTPS->HTTPS to secure your solution.

We utilize xcware specifically for our external CAD/CAE workforce needs. Our vGPU Workstations outperform our previously used VMware Horizon on the same hardware. More importantly, it is now easier to onboard and scalable for every project.

— Mark K.
IT-Manager @ Bielomatik

I rely on xcware for crafting and implementing solutions for my clients due to its scalability and quick setup time for projects. 8 out of 10 customers remain with the initial xcware project setup, streamlining my delivery process.

— Thomas B.
Cloud Solutions Architect

We have successfully migrated 500+ servers and desktops from VMware to xcware. We extend our gratitude to the xcware Consulting Team for delivering exceptional work.

— Franco O.
IT Manager @ SportSA

We were pleasantly surprised by how effortlessly we could construct our Big Data platform and extend it to various production lines across the globe.

— Simone C.
Big Data Engineer @ UBX

As a developer specializing in native cloud solutions, I am delighted that xcware is available for free for developers like me. This allows me to enhance my cloud skills and expand my expertise.

— Sindra L.
Cloud Engineer

My favorite is the Flow-fx engine and the API. With Nexus Flow-fx, you can automate everything, and I mean everything! I manage over 150+ Linux servers fully automated.

— Mirco. W.
Linux Administrator @ S&P

xcware Strategic Partners