SSL
SSL helps keep your event data and user credentials secure
Seq can serve its web user interface and event ingestion endpoint over SSL.
Certificates
To configure SSL for Seq, you'll first need a certificate for the hostname that Seq is serving on. For example, if you want to use Seq at https://my-seq.mycompany.com then you'll need an SSL certificate for that domain.
For SSL to provide effective security, you need to ensure that both the apps writing log events and the client machines used to browse to the Seq web user interface trust the certificate assigned to the Seq server.
It is possible to disable certificate validation in apps, or ignore certificate validation warnings in web browsers, but in both of these cases it is unlikely SSL provides any material protection against an observer intercepting communication with the server.
The certificate needs to be stored in the Local Machine/Personal certificate store on the Seq server.
If you don't generally issue certificates for machines in your organisation, you can follow these instructions to generate a self-signed certificate.
Finding the Certificate Thumbprint
The easiest way to obtain the certificate's thumbprint or "hash" is via IIS Manager's Server Certificates page.
Copy the thumbprint to the clipboard as-is.
To retrieve the thumbprint for a certificate without IIS Manager, open the Manage computer certificates app from the Windows Start screen.
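A PowerShell route to the same thumbprint, as an added example that is not part of the Seq documentation. It lists certificates in the Local Machine/Personal store that have a private key, are inside their validity period, and validate for the host name, then shows the thumbprint. The host name is the page's sample value, and `Test-Certificate` reports trust as seen by the machine it runs on, not by client machines.

```powershell
# Added example. $HostName is a placeholder taken from the sample URL above.
$HostName = 'my-seq.mycompany.com'
$now = Get-Date

# Local Machine/Personal is exposed by the certificate provider as Cert:\LocalMachine\My.
# Keep only certificates whose private key is on this server (Seq has to present
# the certificate) and that are currently inside their validity period.
$current = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and ($_.NotBefore -le $now) -and ($_.NotAfter -gt $now)
}

# Chain and host name validation under the SSL policy, as this machine sees it.
# A self-signed certificate passes only if it was also imported into a trusted root store.
$usable = $current | Where-Object {
    Test-Certificate -Cert $_ -Policy SSL -DNSName $HostName `
        -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
}

if ($usable) {
    # When several certificates match, prefer the one that stays valid longest.
    $cert = $usable | Sort-Object -Property NotAfter -Descending | Select-Object -First 1

    # Thumbprint is upper-case hex with no spaces, so it can be copied as-is.
    [pscustomobject]@{
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}
else {
    Write-Warning "No trusted, unexpired certificate with a private key matches $HostName."
}
```

Run it from an elevated PowerShell session on the Seq server. Running the `Test-Certificate` line against the same certificate on a client machine shows whether that client trusts it.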
Configure Seq
With the certificate installed and the thumbprint located, the last step is to configure Seq to listen at an HTTPS URI.
The commands below show the complete process. If you've used named instances of Seq, or installed to a custom data folder, you'll need to include those parameters as appropriate.
The instructions assume that Seq will listen on the standard HTTPS port 443.
seq bind-ssl --thumbprint="THUMBPRINT HERE"
seq config -k api.listenUris -v https://YOURSERVER
seq restart
The bind-ssl command accepts a --port= parameter, and this should be specified if the Seq listening endpoint is different from the HTTPS default of 443. Run seq help <command> to see complete options for any of the commands above.
Specify --hostname= if the server is using SNI to distinguish between multiple hosted domain names.
Updated about 6 years ago