Skip to content
SmiKar Software

DNS & TLS Certificate Configuration

3 min read

Chipmunk requires a valid DNS name and HTTPS certificate to operate securely inside your network.

This guide helps you configure:

  • An internal DNS name (e.g., chipmunk.yourcompany.local)
  • A TLS certificate (PEM format recommended)

Step 1: Decide on a DNS Name

Choose a hostname for your Chipmunk appliance. This will be used in your App Registration and accessed in your browser.

Examples:

  • chipmunk.yourcompany.local
  • chipmunk.archive.yourdomain.com

Then:

  • Create a DNS A record in your internal DNS pointing to the Chipmunk appliance's static IP address
  • Ensure this name resolves from any machine that will access the dashboard

Chipmunk supports TLS certificates in PEM format, which must include:

  • The full certificate chain
  • The matching private key

You can use:

  • A certificate from a trusted public CA (preferred)
  • A certificate issued by your internal CA
  • A self-signed certificate (supported, but browser warnings will occur)

Recommended PEM file structure

Your PEM file should contain two blocks concatenated together, in this order:

  1. The certificate block - opens with BEGIN CERTIFICATE and closes with END CERTIFICATE (each marker surrounded by five dashes on either side). The base64-encoded certificate body sits between the two markers. If you have an intermediate chain, append additional certificate blocks after the first.
  2. The private key block - same structure, but the markers read BEGIN PRIVATE KEY and END PRIVATE KEY (or BEGIN RSA PRIVATE KEY for older OpenSSL formats). The base64-encoded key body sits between the two markers.

Both blocks live in a single .pem (or .crt + .key) file. The certificate authority that issues your cert will normally produce this layout for you; if you generate the certificate yourself with OpenSSL, the output files already follow this convention.

Upload your PEM files during setup or place them in the correct path as instructed by the configuration wizard.

Step 3: Self-Signed Certificate (Optional Fallback)

If you don’t have access to a public or internal CA, Chipmunk can generate a self-signed certificate during setup.

Important Notes:

  • You will see browser warnings when accessing the appliance over HTTPS
  • Functionality is unaffected, but user experience is impacted
  • You can replace the self-signed cert with a real certificate at any time

Step 4: Match the Hostname in Your Certificate

Make sure the Common Name (CN) or Subject Alternative Name (SAN) in your certificate matches the DNS name you plan to use.

For example: If you access Chipmunk at https://chipmunk.yourcompany.local, then the cert must include that hostname.

What You’ll Need During Setup

When running the Chipmunk setup wizard after deploying the appliance, have the following ready:

  • The full DNS name (e.g. chipmunk.yourcompany.local)
  • A PEM-formatted TLS certificate and private key
  • OR choose the option to generate a self-signed certificate

Next: Complete the First-Time Configuration

More in Chipmunk

See all pages →