Platform Installation

The QCecuring SSL-CLM Platform is delivered as a unified Spring Boot application containing:

REST API
Web UI
Certificate Discovery Engine
Enrollment & Renewal Engine
Policy & Governance Engine
Audit Layer
CA Integration Service

It runs as a single executable JAR.

SSL CLM dashboard

Prerequisites

Required

Java 21+
MongoDB 7+

Optional (Production)

TLS certificates (HTTPS)
Reverse proxy (NGINX / Load Balancer)
SMTP server (for expiration alerts)
Internal CA / ACME server / External CA credentials

Step 1 — Verify Java

java -version

Expected: Java 21 or higher

Step 2 — Start Dependencies

Start MongoDB

docker run -d \
  --name ssl-clm-mongo \
  -p 27017:27017 \
  mongo:7

Step 3 — Run the Platform

Navigate to your JAR location:

cd installers

Start the application:

java -jar ssl-clm-0.0.1-SNAPSHOT.jar

You should see:

:: Spring Boot ::  (v3.x.x)
No active profile set, falling back to default profile: "dev"

SSL CLM launching bash

The application will start on:

http://localhost:8080

Profiles

The platform supports environment-based profiles.

Development Mode (default)

java -jar ssl-clm.jar

Uses:

Local MongoDB
Development CA configuration
Relaxed validation settings

Production Mode

java -jar ssl-clm.jar --spring.profiles.active=prod

Or using environment variable:

export SPRING_PROFILES_ACTIVE=prod
java -jar ssl-clm.jar

Production mode enables:

Strict security policies
CA integration enforcement
Hardened renewal workflows
Secure token validation

Configuration via Environment Variables

Example .env file:

# ====================================
# SSL-CLM Platform - Environment Template
# ====================================

# ===============================
# Spring Profile
# ===============================
SPRING_PROFILES_ACTIVE=prod

# ===============================
# Server Configuration
# ===============================
SERVER_PORT=8080

# ===============================
# MongoDB Configuration (REQUIRED in production)
# ===============================
MONGODB_URI=mongodb://localhost:27017/ssl-clm-db

# ===============================
# JWT Configuration (REQUIRED in production)
# ===============================
JWT_SECRET=CHANGE_THIS_TO_A_LONG_RANDOM_STRING
JWT_EXPIRATION=1800000

# ===============================
# CA Integration
# ===============================
CA_PROVIDER=internal
CA_API_URL=https://ca.example.com
CA_API_KEY=change_me

# ===============================
# Email Configuration (Optional)
# ===============================
EMAIL_ENABLED=true
EMAIL_FROM=noreply@yourcompany.com
EMAIL_HOST=smtp.gmail.com
EMAIL_PORT=587
EMAIL_USERNAME=your-email@gmail.com
EMAIL_PASSWORD=your-app-password

# ===============================
# SSL/TLS Configuration (Optional HTTPS)
# ===============================
SERVER_SSL_ENABLED=false

# ===============================
# Reporting & Scheduling
# ===============================
REPORTING_ENABLED=true
SCHEDULING_ENABLED=true

# ===============================
# Swagger / OpenAPI
# ===============================
SWAGGER_ENABLED=false

Launch with:

java -jar ssl-clm.jar --spring.profiles.active=prod

Health Check

Verify application health:

curl http://localhost:8080/actuator/health

Expected:

{
  "status": "UP"
}

Accessing the UI

Once started, open:

http://localhost:8080

The UI is served from the same application.

SSL CLM open ui

Production Deployment Pattern

Recommended:

Run behind a reverse proxy
Enable HTTPS
Secure CA credentials
Restrict MongoDB access
Configure firewall rules
Rotate JWT secret regularly
Enable certificate expiration alerts
Monitor audit logs