Security

SSL Certificates

SSL (Secure Sockets Layer) is a fundamental technology for securing web applications by encrypting data, ensuring data integrity, authenticating servers, and enhancing user trust.

SSL layers encrypt the data transmitted between a user’s web browser and server. This encryption ensures that the data remains unreadable and secure even if intercepted by malicious actors. SSL includes mechanisms to ensure data integrity during transmission using cryptographic hash functions to detect unauthorized modifications or tampering. In the event of altered data during transit, the recipient can see and reject the modified data.

BrainD allows loading a user’s SSL certificate through the settings and configuration dialog. Many external service providers can provide an SSL certificate; one may already have an SSL certificate for BrainD installations.

Use of a self-signed certificate may cause a warning to appear when accessing the REST endpoints. This is caused by the browser failing to authenticate the received certificate against a trusted certificate authority.

../../_images/security-ssl-not-private.png

OpenSSL is an option that one can use to create a self-signed SSL certificate. The following command may be used to generate a self-signed certificate:

openssl req -new -x509 -days 365 -nodes -keyout example.key -out example.crt

By default, BrainD will serve an insecure web page over HTTP, without any certificates or encryption. If insecure communications over HTTP are not desirable, the settings and configuration dialog can be used to enable HTTPS/SSL communication. If a certificate is not specified, then BrainD will automatically generate a self-signed certificate.

Certificates are stored in the following directory:

  1. Windows: %AppData%\Acroname\BrainD\config

  2. Mac: ~/Library/Application\ Support/Acroname/BrainD/config

  3. Linux: ~/.acroname/BrainD/config