ZEC supports HTTPS encryption based on OpenSSL. ZEC expects certificate files in X.509 textual format (sometimes called ‘pem’) with a full chain of certificates, each one starts with “----BEGIN CERTIFICATE----", and the associated private key file, that starts with “----BEGIN PRIVATE KEY----". The certificate can be provided by an SSL/TLS certificate provider (Certification Authority) where the domain is registered, such as VeriSign, Digicert, etc.. Alternatively the certificate can be self-signed. A self-signed certificate is a certificate that is signed with its own private key. Self-signed certificates can be used to encrypt data just as well as CA-signed certificates, but your users will be displayed a warning that says that the certificate is not trusted by their computer or browser. Therefore, self-signed certificates should only be used if you do not need to prove your service’s identity to its users (e.g. non-production or non-public servers).

Obtaining a CA-signed Certificate

Reach out to the hosting provider for instructions on how to obtain a CA-signed HTTPS certificate. As part of this process, you will be required to generate a certificate signing request (CSR). A CSR consists mainly of the public key of a key pair, and some additional information. Both of these components are inserted into the certificate when it is signed. To learn more about generating a CSR, go to - https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

Creating a Self-signed Certificate

Instead of obtaining a CA-signed certificate, you can create a self-signed certificate.

You can generate self-signed x.509 certs with OpenSSL by using the following command:

openssl req -x509 -newkey rsa:2048 -keyout selfsigned_key.pem -out selfsigned_cert.pem

To learn more about generating a self-signed certificate, go to - https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

Uploading the Certificate and Private Key

After obtaining a CA-signed certificate or creating a self-signed one, you will need to upload the certificate and private key to ZEC.

To upload the certificate and private key:

Go to Settings > General.
Click + to expand the HTTPS and DTLS Streaming Certificate section.
In the Certificate Uploaded field, click Upload and select the certificate file.
In the Private Key Uploaded field, click Upload and select the Private Key.
In the Private Key Passphrase field, type the passphrase or leave empty (Default passphrase is empty, ignore the ‘****’).
Click Apply.
If the process was successful, the SSL setup status field will turn to "OK".

Browser not supported