Introduction
Kiuwan on premises fosters secure connections by providing a default installation environment where most communications are done under a secure protocol.
By default, Kiuwan on premises services connections use:
| Protocol | Secure connection | |||
|---|---|---|---|---|
| Any client (browser, KLA, K4D, custom REST API client, etc.) | ↔ | Kiuwan apache load balancer | HTTPS | Yes |
| Kiuwan apache load balancer | ↔ | Kiuwan (frontal) | HTTPS | Yes |
| Kiuwan (frontal, analyzer, scheduler, updater) | ↔ | MySQL database | mysql protocol (SSL can be optionally enabled) | Optional |
| Kiuwan (frontal, analyzer, scheduler, updater) | ↔ | Redis cluster node | RESP (REdis Serialization Protocol) - SSL | Optional (using AWS elasticache) |
| Redis cluster node | ↔ | Redis cluster node | RESP (REdis Serialization Protocol) | Optional (using AWS elasticache) |
Every time a client connects to a server using a secure protocol, it needs to make sure that the contacted server is who it claims to be. This is usually done by the server returning a certificate (signed by a Certification Authority, CA) that the client can check for authenticity.
As the client needs a way to identify if the server's certificate is trustable, all secure transmision enabled clients have or rely on a dictionary of trustable CAs.
In order to provide a default installation configuration that enables secure protocols on most communications channels, Kiuwan on premises comes with a set of certificates and keystores for the default configured domain (kiuwan.onpremise.local).
Certificates and keystores in Kiuwan on premises installations
Generating certificates for a custom domain
Using certificates signed by a recognized CA