Enabling Secure Web Server Connections with SSL

If you intend to let users only access Silk Central through secured connections (SSL), enable Silk Central to use Secure Sockets Layer (SSL).

For additional information, see also Communicating with an External System Over SSL, Enabling BIRT Reports in SSL Environments and Configuring a Non-Standard SSL Port for Execution Servers.

  1. Copy your certificate and key files to the front-end server computer.
  2. Open the file nginx.conf.template in C:\ProgramData\SilkCentral\InstanceAdministration\nginx\conf with a text editor.
  3. Uncomment the following lines by removing the #: 
    #listen   443 ssl;
#ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
#ssl_certificate    "C:/.../ssl/host.cert";
#ssl_certificate_key    "C:/.../ssl/host.key";
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  4. Set the path for ssl_certificate and ssl_certificate_key to where you copied your certificate and key files. Specify the path using slashes instead of backslashes.
  5. If you want to allow only SSL connections, comment the line listen 19120; by adding a #.
  6. Optional: To configure a redirection from the non-secure port to the secure one, add a new server section with the following syntax: 
    server {
  listen <non-secure port>;
  server_name localhost;
  return 301 https://$host$request_uri;
  }
  7. To apply your changes:
    1. Open a browser window.
    2. Type localhost:19100 into the address bar.
    3. Stop and restart one of the Silk Central instances.
Parent topic: Setting up a Secure Silk Central System