scim cert

jimkienlen
Community Member

Is it possible to use my own ssl cert with the SCIM server? Is there any documentation?



Comments

  • jimkienlen
    Community Member

    Does Let's Encrypt expect certificate requests from the same external IP address that the domain name points to? If my network admin only forwards 80 and 443 from the public IP that my domain name points to, and other traffic from that internal server leaves a general gateway that is using PAT with a different external IP?



  • jimkienlen
    Community Member

    Is it possible to use my own ssl cert with the SCIM server? Is there any documentation?

  • Hi @jimkienlen,

    I just got your threads combined as they are all around the same topic.

    I believe another of my co-workers answered your emailed questions, but I'll answer again here for visibility. Please follow up either via email or here if anything is unclear.

    Is it possible to use my own ssl cert with the SCIM server? Is there any documentation?

    Yes, with caveats.

    Using your own SSL cert is possible. However, that is what I would call an 'advanced' setup where the SCIM Bridge would have to integrate into your existing infrastructure, as there is no native support for an SSL cert on a SCIM Bridge. You would have to terminate TLS connections at a proxy or a load balancer with your SSL cert, then forward the unencrypted traffic internally to the SCIM Bridge. In other words, the SCIM Bridge would no longer be directly accessible from the internet, and could be set up like any other proxied service. In that configuration, Let's Encrypt would not be used.

    There is no documentation on this setup method, as it is more complex and customised to each customer's infrastructure. If you want to proceed down this path, I would suggest shooting us another email where we can talk specifics and schedule a call.

    Does Let's Encrypt expect certificate requests from the same external IP address that the domain name points to?

    If I am understanding your question correctly, yes, Let's Encrypt expects the certificate challenge and requests from the same external IP to which the domain name points.

    If my network admin only forwards 80 and 443 from the public IP that my domain name points to, and other traffic from that internal server leaves a general gateway that is using PAT with a different external IP?

    Yes, that would work. Inbound traffic requires port 80 for Let's Encrypt requests, and 443 for all other secured traffic. The outbound port does not matter.

    Let me know if you have any follow-up questions.

    Graham
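
The proxied setup described in the reply above (TLS terminated at a proxy with your own certificate, plain HTTP forwarded internally to the SCIM Bridge), written as an nginx configuration. This is an added example, not 1Password's documentation or configuration; the hostname, the certificate paths and the bridge's internal address and port are assumptions to replace with your own values.

```nginx
# Added example. Placeholders / assumptions:
#   scim.example.com     hostname your identity provider sends SCIM requests to
#   /etc/nginx/tls/...   your own certificate chain and private key
#   127.0.0.1:3002       address the SCIM Bridge listens on internally (assumed)

upstream scim_bridge {
    # The hop from proxy to bridge is unencrypted, so keep it on loopback or a
    # trusted internal segment; the bridge itself is not exposed to the internet.
    server 127.0.0.1:3002;
    keepalive 8;
}

server {
    listen 443 ssl;
    server_name scim.example.com;

    # Your own certificate replaces the Let's Encrypt one.
    ssl_certificate     /etc/nginx/tls/scim.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/scim.example.com.key.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass         http://scim_bridge;
        proxy_http_version 1.1;
        proxy_set_header   Connection "";        # allow upstream keepalive
        proxy_set_header   Host $host;
        # Overwrite rather than append, so a client cannot spoof its source address.
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   X-Forwarded-Proto https;
        # Other request headers, including Authorization, are passed through
        # to the bridge unchanged by default.
    }
}

# No port-80 listener is defined: without Let's Encrypt there is no HTTP
# challenge to answer, and SCIM clients should only ever connect over TLS.
```

Validate the file with `nginx -t` before reloading, and make sure host or network firewall rules allow only the proxy to reach the bridge's internal port.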

This discussion has been closed.