Skip to main content

The Application's TLS Certificate

IDIAL-APP is itself served over HTTPS. A certificate is created for this at deployment (self-signed at first). In this area you can view the application's TLS certificate and replace it with your own — without touching the server.

View the current certificate

IDIAL-APP shows the certificate it is currently served with using the same checks as for a container certificate: an item-by-item breakdown of which check passed and which did not. The requirements are the same as described under A Container's TLS Certificate — with two specifics:

  • Address (SAN): the application does not know its own external name/IP by itself. The address check only runs when you have entered the application's public address in the Server settings — otherwise this step is skipped.
  • Trust chain: whether your browser trusts the certificate is decided by the browser against its own trust store. The application therefore shows the chain information only as a notice, not as a hard requirement.

Validate before uploading

As with a container, you can have a new certificate (as a PKCS#12 file with its password) validated in advance without installing it. Additionally, it checks that the private key matches the certificate — otherwise the application would become unreachable after the swap.

tip

Always use the pre-check. If it detects e.g. "expired" or "key does not match the certificate", fix it before swapping.

Upload and automatic reload

After a successful check the certificate is applied: the application swaps its server certificate and reloads the TLS service in place — with no downtime. You do not need to restart the server manually.

The UI then shows "Activating certificate…" and reloads the page automatically once the new certificate is active. So you don't need to click anything.

warning

If the new certificate is not considered trusted by your browser (e.g. a new self-signed certificate or a CA unknown to the browser), the browser will show a certificate warning after the reload. This is unavoidable and is due to the browser, not the application. Make sure the certificate comes from a CA your clients trust.

info

If an invalid certificate was applied by mistake and the UI is no longer reachable as a result: the previous certificate is kept as a backup. Contact your administrator/support — the certificate files can be restored on the server side.

Server address

In the Server settings you enter the public address under which IDIAL-APP is reachable (hostname or IP, port). This address is used for two things:

  1. the address check of the application's own server certificate (see above), and
  2. as the default callback address for newly added containers (so revocation list serving works from the start).

For individual containers this address can be overridden if needed.