Deploying Bold BI on Docker with a Self-Signed Certificate for Windows Localhost
This section provides detailed instructions on how to activate SSL for a Bold BI instance running inside a Docker container on your local Windows machine using a self-signed certificate. Follow these steps:
Step 1: Install OpenSSL for Windows
Install OpenSSL on Windows using the following link: OpenSSL Installation for Windows
Step 2: Generate a New OpenSSL Configuration File
Create a new file named openssl.cnf (or openssl-san.cnf) with the provided content that includes the SAN (Subject Alternative Name) extension.
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = localhost.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req # The extensions to add to the self-signed cert
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = State
localityName = Locality Name (eg, city)
localityName_default = City
organizationName = Organization Name (eg, company)
organizationName_default = My Company
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = localhost
[ req_ext ]
subjectAltName = @alt_names
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = localhost
Step 3: Generate the Certificate and Key
Use the custom configuration file to generate a new certificate and key:
- Generate a Private Key:
openssl genpkey -algorithm RSA -out localhost.key
- Generate the Certificate:
openssl req -x509 -new -nodes -key localhost.key -sha256 -days 365 -out localhost.crt -config openssl.cnf
Step 4: Bold BI Installation with the Generated Certificate
Deploy Bold BI on Docker Using the generated certificate.key and certificate.crt Files.
- To install Bold BI within a Docker container, you can utilize either a Docker or a docker-compose file. For guidance and instructions, please refer to the following link.
- Once the Bold BI is deployed, proceed to set up SSL for the application by following the instructions at this link.
- After configuring SSL, accessing the site might result in an error like the one shown below. To resolve this, you’ll need to import the certificate into the Windows Trusted Root store.
Step 5: Import the Certificate to Windows Trusted Root
Importing the certificate to Windows Trusted Root allows Windows and browsers to trust the self-signed certificate, preventing security warnings and ensuring secure communication for users accessing the site.
- Import the certificate into Windows that you obtained in step 3:
- Press
Win + R, typemmc, and press Enter.
- In the MMC console, go to
File > Add/Remove Snap-in....
- Select
Certificatesand clickAdd.
- Choose
Computer account, then clickNext.
- Select
Local computerand clickFinish.
- Then click
OKin the Add/Remove Snap-ins window. - In the MMC console, expand
Certificates > Trusted Root Certification Authorities.
- Right-click on
Certificates, then selectAll Tasks > Import.
- Follow the wizard to import your
localhost.crtfile. Ensure it is placed in the Trusted Root Certification Authorities store.
- Finish the wizard, and you should see your
localhostcertificate listed underTrusted Root Certification Authorities > Certificates.
- Press
Step 6: Verifying the Setup in Browser
- Restart your browser: Close and reopen browser to ensure it picks up the newly trusted certificate.
- Clear Cache: If you still encounter any warning issue, clear the browser cache.
- Access the HTTPS URL: Navigate to
https://localhostor your custom local domain (if you set one up). - Browser should no longer display a security warning, indicating it trusts the certificate.
Additional Resources
