Web server

SSL

The CareSuite is reachable via https:// by default using a self-signed certificate.

Since the certificate is self-signed, users will see a certificate error until the CA certificate /opt/caresuite/data/ca_import_me.crt is imported into the certificate store of the browser or OS.

Custom Certificate

Format

The X.509 certificate and key file must be in PEM format. We use a 4096-bit RSA key.

Installation

To use a custom certificate, copy the certificate and the certificate key file to the /opt/caresuite/data/certs directory.

You can rename or delete the existing default certificate and key.

$ ls -l /opt/caresuite/data/certs
-rw-r--r-- 1 caresuite caresuite 1919 Jan 01 00:00 caresuite.crt
-rw------- 1 caresuite caresuite 1704 Jan 01 00:00 caresuite.key

After replacing the certificate files, restart the CareSuite services by running the following command in a Terminal:

cs.restart

Redirect all traffic to HTTPS

Before redirecting all traffic to HTTPS, make sure you can reach the CareSuite server manually via https:// first.

To redirect all incoming requests to HTTPS, add the following lines to the data/carsuite.toml configuration file:

[server]
ssl_redirect = true

Then re-configure the CareSuite services to enable the redirect:

sudo caresuite update --force