SSL Configuration

What you do with the SSL configuration depends on your deployment scenario. By default, the installer will set up Software Risk Manager dependencies to offer both HTTP and HTTPS access to Software Risk Manager. This is sufficient for most evaluation scenarios. If, however, you are deploying Software Risk Manager for production usage, then we recommend that you use or obtain a valid SSL certificate for the host machine. If you don't use your own certificates, HTTPS is enabled by default with a self-signed certificate generated during installation. This will ensure secure communications to all clients accessing Software Risk Manager. Note that if you use the default HTTPS option with the self-signed certificate, most browsers will display a security warning when connecting, and users must accept it before they can access the site.

If Software Risk Manager will be used in a networked environment, using HTTPS to connect is recommended. For example, once Software Risk Manager is installed, use https://<hostname>/srm instead of http://<hostname>/srm (substituting in your machine's hostname).

Click the "Next" button if you're using the Software Risk Manager self-signed certificate. Otherwise, use your own SSL certificate by getting the certificate and associated private key in PEM-encoded X.509 format. (Some issuers refer to this as “Apache format.”) Click "Do you want to import your own SSL certificate?" and browse to those files.



Replacing the SSL Certificate Post-Install

If you completed your installation using the Software Risk Manager self-signed SSL certificate (as shown above), you can replace this self-signed certificate with your own SSL certificate. You might do this if you skipped importing your own SSL certificate due to certificate failure and you now have a new SSL certificate.

To replace the SSL certificate after Software Risk Manager installation:
  1. Get your SSL certificate in PEM-encoded X.509 format (name the file server.crt) and the private key for the certificate in PEM format (name the file server.key).
  2. Copy the two files into the following directory: <your-srm-install-directory>/apache2/conf/certs.
  3. Restart your Software Risk Manager Apache service. You can do this in the manager app or in the Services area on your control panel.
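
Before copying the files in step 2, it helps to confirm that both are PEM-encoded and that the private key belongs to the certificate, since a mismatched pair is a common reason a certificate import fails. The following pre-flight check is an added example, not part of the Software Risk Manager tooling; the function name preflight is hypothetical, and the script assumes Python 3 is available on the machine where the files are prepared.

```python
import ssl
import sys
from pathlib import Path


def _pem_problem(path, marker, label):
    """Return a problem string if `path` is not a PEM file of the expected kind."""
    p = Path(path)
    if not p.is_file():
        return f"{label}: {p} not found"
    data = p.read_bytes()
    if marker in data:
        return None
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: binary DER, not PEM
        return f"{label}: {p.name} is DER-encoded; convert it to PEM first"
    return f"{label}: {p.name} has no '{marker.decode()}' PEM block"


def preflight(cert_path, key_path):
    """Return a list of problems; an empty list means the pair can be copied."""
    problems = [m for m in (
        _pem_problem(cert_path, b"-----BEGIN CERTIFICATE-----", "certificate"),
        _pem_problem(key_path, b"PRIVATE KEY-----", "private key"),
    ) if m]
    if problems:
        return problems
    if b"ENCRYPTED" in Path(key_path).read_bytes():
        return ["private key: passphrase-protected; cannot check it unattended"]
    try:
        # load_cert_chain parses both files and raises ssl.SSLError when the
        # private key does not belong to the certificate.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(str(cert_path), str(key_path))
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"certificate/key pair rejected: {exc}")
    return problems


if __name__ == "__main__":
    # Defaults are the file names required in step 1.
    cert, key = sys.argv[1:3] if len(sys.argv) == 3 else ("server.crt", "server.key")
    issues = preflight(cert, key)
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

An exit status of 0 means both files parsed as PEM and the key matches the certificate; it does not check expiry or whether clients will trust the issuer.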