TLS certificates & DNS

Note

The endpoint <YOURDOMAIN.COM> above is just an example. Any valid FQDN is acceptable here as long as you own it and it's the same across all endpoints.

Certificates required

In order to install the Labelbox application, certificates are needed. These certificates can be purchased from a Certificate Authority (CA) or issued by a private CA. Labelbox applications accept private CA certificates, treating them as self-signed certificates.

Note that Keycloak (an authentication service not developed by Labelbox) does not, as is, accept connections to external authentication services that use private CA or self-signed certificates (such as Active Directory, LDAPS, or SAML 2.0 services using such certificates). At this time, Keycloak must connect via non-TLS LDAP (not LDAPS), and Keycloak connections to any federated authentication service with private CA or self-signed certificates are not supported.

Wildcard or SAN certificates are allowed. The following endpoints are needed:

  • <YOURDOMAIN.COM>
  • app.<YOURDOMAIN.COM>
  • api.<YOURDOMAIN.COM>
  • keycloak.<YOURDOMAIN.COM>
  • editor.<YOURDOMAIN.COM>
  • image-segmentation.<YOURDOMAIN.COM>
  • object-store.<YOURDOMAIN.COM>
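
A wildcard entry covers exactly one left-most label, so `*.<YOURDOMAIN.COM>` alone does not cover the bare `<YOURDOMAIN.COM>` endpoint in this list. The script below is an added example, not Labelbox code, that reports which required endpoints a certificate's SAN entries leave uncovered; `example.com`, the function names and the sample SAN lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Labelbox code): confirm a certificate's SAN entries cover
# every endpoint listed on this page. example.com and all names are constructed.

LABELS="app api keycloak editor image-segmentation object-store"

# san_matches HOST SAN: succeeds if the SAN entry covers HOST.
# A wildcard stands for exactly one left-most label, so *.example.com covers
# app.example.com but not example.com and not a.b.example.com.
san_matches() (
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  san=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "$san" in
    '*.'*) first=${host%%.*}                  # left-most label of HOST
           [ -n "$first" ] && [ "$host" = "$first${san#?}" ] ;;  # ${san#?} drops the *
    *)     [ "$host" = "$san" ] ;;
  esac
)

# missing_endpoints DOMAIN SAN...: prints each required endpoint that no SAN
# covers; succeeds only when none is missing.
missing_endpoints() (
  domain=$1; shift; rc=0
  for host in "$domain" $(for l in $LABELS; do echo "$l.$domain"; done); do
    found=no
    for san in "$@"; do
      if san_matches "$host" "$san"; then found=yes; break; fi
    done
    if [ "$found" = no ]; then echo "$host"; rc=1; fi
  done
  exit "$rc"   # the function body is a subshell, so this only ends the function
)

# cert_sans FILE: DNS SANs of the first certificate in FILE (the leaf, when the
# file is built leaf-first). Needs OpenSSL 1.1.1 or later for -ext.
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

set -f   # keep the shell from glob-expanding "*.example.com"
if [ "$#" -eq 2 ]; then       # usage: check-sans.sh DOMAIN CERT.crt
  missing_endpoints "$1" $(cert_sans "$2")
else                          # no arguments: run on constructed SAN lists
  echo "wildcard only, missing: $(missing_endpoints example.com '*.example.com')"
  echo "wildcard + apex, missing: $(missing_endpoints example.com '*.example.com' example.com)"
fi
```

Run with a domain and a certificate file, it exits non-zero and prints the uncovered names if the certificate needs to be reissued before installation.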

Note: Private CA Certificates

If you are using a private CA certificate, the installation requires the root and intermediate certificates in PEM format to be chained with the actual PEM certificate in the .crt file.

Example:
cat yourdomain.crt intermediateCA.crt rootCA.crt > yourdomain-chain.crt
The correct .crt to use for the installation is now yourdomain-chain.crt.

DNS

All of the endpoints below should point to your VM. It is OK to use either A records or CNAMEs.

  • <YOURDOMAIN.COM>
  • app.<YOURDOMAIN.COM>
  • api.<YOURDOMAIN.COM>
  • keycloak.<YOURDOMAIN.COM>
  • editor.<YOURDOMAIN.COM>
  • image-segmentation.<YOURDOMAIN.COM>
  • object-store.<YOURDOMAIN.COM>
