RavenDB Certificates

How to Configure RavenDB Certificates | Use the Ingeniux CMS 10.5 Site Instance Wizard to configure server and client certificates for Raven DB 4.x authentication.


Use the Ingeniux CMS Site Instance Wizard to generate server and client X.509 security certificates or provide your own for the Ingeniux CMS 10.5 instance and the Raven Database (RavenDB) 4.x instance.

The RavenDB service uses the server certificate to perform behind-the-scenes operations (e.g., data encryption on disk, SSL resolution).

The CMS application and DSS Preview clients connect to the RavenDB. The RavenDB client uses the client certificate to validate the identities of users. In RavenDB 4.x, all authentication is accomplished through certificates; therefore, in CMS 10.5, only users who attempt to access RavenDB from clients with authorized client certificates gain access to the database. The application of this RavenDB authentication certificate depends on if you intend to install RavenDB on the same server as the CMS instance installation or remotely. Administrators set up a certificate to access RavenDB at one of two junctures within the Ingeniux CMS 10.5 Site Instance Wizard.

  • To install the RavenDB on the same server as the CMS, select the Local Install option in the wizard. In following views, the wizard prompts you to indicate the server certificate type to use for the RavenDB server and then prompts you to configure how you would like the client certificate for the RavenDB client to be generated.
  • Alternatively, to install RavenDB on a server other than where your CMS will reside, select the External URI option. The wizard prompts you to indicate the client certificate to use for the RavenDB client.

Server and Client Certificates for Local RavenDB Servers

To configure a server certificate for a local RavenDB server:

  1. If you choose the Local Install option for RavenDB, click Next.

    Local RavenDB Installation

    The RavenDB Server Configuration view displays, where you can select the type of certificate to use for the RavenDB server.
  2. Choose one of the following options:
    • Select Self-Signed Certificate to generate the certificate via the CMS instance installer process, then complete the associated fields.

      Self-Signed Certificate

      Additional Info:

      A self-signed certificate is a security certificate that is not signed by a certificate authority (CA); rather, it is signed by the same entity that it certifies. This option creates and registers the certificate on the system during the CMS instance installer process. The certificate authenticates the RavenDB instance and CMS instance. A self-signed certificate may be particularly useful for temporary or staging server scenarios. After you provide the RavenDB host name and port number on the RavenDB server, the Ingeniux CMS installation creates the self-signed certificate for you.

      Field Description
      Server Certificate Password Enter a server certificate password. If you choose a password, password validation becomes required to access the server certificate.
      RavenDB Host

      Enter the appropriate RavenDB host (e.g., raven.server.com or 127.0.0.1). The CMS instance name displays as the default.

      Note: We recommend maintaining the CMS instance name. If you have multiple RavenDB services, maintaining the name helps you to clarify which RavenDB host associates with each CMS instance.

      Raven Server Port Number

      Enter the filepath to the appropriate RavenDB instance port number. A wildcard character (*) will notify the system to check for and select an available port number.

      The system starts checking at 8080. If unavailable, the system runs a loop, incrementing the port number up by one until the system finds an available port number. This port check is performed on this screen and an available port is displayed.

    • Select Manual Certificate to provide your own certificate, then complete the associated fields.

      Manual Certificate

      Additional Info:

      Rather than having the installation wizard create a self-signed certificate, you can provide a server certificate for your local RavenDB server, manually. This may be particularly useful if you require the certificate to be signed by a certification authority.
      Field Description
      Certificate File Path Enter the filepath to the appropriate certificate (.pfx file).
      Server Certificate File Password (optional) This field is optional. Enter the password for the indicated server certificate file.
      RavenDB Host

      Enter the appropriate RavenDB host URI (e.g., raven.server.com or 127.0.0.1). The CMS instance name displays as the default.

      Note: We recommend maintaining the CMS instance name. If you have multiple RavenDB services, maintaining the name helps you to clarify which RavenDB host associates with each CMS instance.

      Raven Server Port Number

      Enter the filepath to the appropriate RavenDB instance port number. A wildcard character (*) will notify the system to check for and select an available port number.

      The system starts checking at 8080. If in use, the installation wizard increments upwards to find the next available port. The wizard will automatically perform this check on this step and display an available port.

  3. Click Next. The RavenDB Client Configuration view displays. Use this view to configure the client certificate settings.
  4. Choose one of the following options:
    • Select Default to use a client certificate generated by the RavenDB server. The certificate file will be placed on disk and the CMS will reference this file for client authentication.
      • Optional: If you choose a client certificate password, password validation becomes required to access the client certificate.

    • Select Thumbprint to use a client certificate already installed on your machine. The machine references the certificate from the Local Machine Store via thumbprint ID. Each certificate contains a thumbprint ID. The client certificate will not exist on disk if this option is used.

  5. Click Next.

Client Certificates for Remote RavenDB Servers

Choose this option if the RavenDB instance will reside on a server other than the one where the CMS instance resides. This option requires the site administrator to set up the RavenDB instance beforehand. If RavenDB will be installed on a server other than the CMS server (External URI option), you must provide the URI to the server where RavenDB will be located and the path to the .pfx file.

To configure a security certificate for a remote RavenDB server:

  1. If you choose the External URI installation option for RavenDB, complete the associated fields.

    External URI

    Field Description
    RavenDB URI Enter the appropriate external RavenDB instance URI.
    Client Certificate File Path Enter the filepath to the appropriate client certificate (*.pfx file).
  2. Click Next.

Next Steps

After configuring RavenDB 4.x and its security certificate, return to the appropriate set of wizard instructions to complete the process.